Catherine Tibaaga
@catherinetibaaga
Experienced risk management consultant specializing in vendor and operational risk.
What I'm looking for
I am a seasoned risk management consultant with extensive experience in vendor and operational risk management. My career has been dedicated to ensuring that organizations effectively identify, assess, and mitigate risks associated with third-party vendors. I have successfully led teams in developing risk assessment processes that align with industry standards such as ISO 27001 and NIST, ensuring compliance with regulatory requirements while fostering strong vendor relationships.
Throughout my professional journey, I have been recognized for my ability to create and implement innovative risk management strategies that not only protect organizations from potential threats but also drive cost savings through effective procurement practices. My analytical skills, combined with my expertise in data analytics tools like Tableau and PowerBI, allow me to provide actionable insights that enhance decision-making and improve risk posture.
I am passionate about continuous improvement and strive to align risk management practices with corporate strategic objectives. My goal is to contribute to an organization that values proactive risk management and fosters a culture of compliance and operational excellence.
Experience
Work history, roles, and key accomplishments
IT Vendor Management Consultant
TalTeam / Blue Cross Blue Shield
Aug 2022 - Present (2 years 10 months)
Worked with internal and external stakeholders to complete inherent and preliminary due diligence risk questionnaires for IT vendors. Performed various risk assessments (Business Continuity, Disaster Recovery, Information Security, Reputational, Financial) and analyzed SOC reports, ISO 27001, and PCI attestations. Managed vendor relationships, negotiated contracts, ensured cost savings, and monito
IT Vendor Risk Consultant
Washington Suburban Sanitation Commission
Jun 2019 - Aug 2020 (1 year 2 months)
Developed the IT Security Risk Assessment Process and evaluated third-parties' information security controls against industry standards like ISO 27000, NIST, and PCI DSS. Created a Maturity Model for IT Security Risk Assessments and worked with vendors to mitigate identified risks. Implemented a risk-based approach to information security assessments.
IT Risk Assessment Consultant
Commerzbank AG
Feb 2017 - May 2017 (3 months)
Created an information security maturity scale and training guide for third-party risk assessments, integrating information security risk into the TPRM lifecycle. Completed IT Security Risk Assessments for vendors, evaluating controls against ISO 27000, NIST, and PCI DSS. Drafted contract language for procurement to ensure compliance and audit rights.
Senior Enterprise Vendor Management Professional
Freddie Mac
Jan 2016 - Feb 2017 (1 year 1 month)
Managed a team of Vendor Risk Management (VRM) analysts, ensuring timely completion of risk assessments and training on regulatory application. Developed processes for contractual language inclusion and alternative risk assessment for non-compliant vendors. Collaborated with Enterprise Operational Risk Management (EORM) to align VRM with ERM principles and regulatory guidelines.
IT Vendor Manager
JPMorgan Chase & Co
Feb 2014 - May 2015 (1 year 3 months)
Managed vendor relationships and third-party risk, completing inherent risk questionnaires and collaborating with SMEs for comprehensive risk assessments. Evaluated vendor adherence to industry standards (ISO 27001, NIST) and mitigated identified risks. Drafted and negotiated contracts, ensuring cost savings and compliance with regulatory standards like GLBA.
Vendor Risk Management Analyst
E*TRADE Financial
Apr 2013 - Sep 2013 (5 months)
Tracked and reported vendor compliance using Microsoft Excel, Agiliance, and Oracle, ensuring adherence to Procurement, Legal, and VRM policies. Conducted inherent and comprehensive vendor risk assessments with SMEs, recommending internal controls and providing reports to Enterprise Risk Management. Developed training materials and identified Key Risk Indicators (KRIs) for risk exposure.
Contracts/Procurement Administrator
Jones Lang LaSalle Americas, Inc.
Jun 2011 - Apr 2013 (1 year 10 months)
Drafted and negotiated contracts and amendments, ensuring compliance with legal, sourcing, and risk management policies. Coordinated RFP processes, engaged in vendor negotiations, and performed due diligence for vendor onboarding and reviews. Monitored vendor performance using KPIs and conducted operational risk assessments, ensuring proper implementation of risk management policies.
Financial and Accounting Analyst
StreamCenter, Inc.
May 2008 - Jun 2011 (3 years 1 month)
Drafted and negotiated contracts, prepared and analyzed financial statements including Income Statement, Balance Sheet, and Statement of Cash Flows. Managed accounts payable, accounts receivable, and depreciation schedules, performing bank reconciliations and preparing expense and sales commission reports. Conducted year-end audits and closing entries.
Education
Degrees, certifications, and relevant coursework
Eastern New Mexico University
Bachelor of Business Administration, International Business
Currently pursuing a Bachelor of Business Administration with an emphasis in International Business. This program focuses on global business practices and international market dynamics.
Interested in hiring Catherine?
You can contact Catherine and 90k+ other talented remote workers on Himalayas.
