Open to opportunities

Evelyn Koffi

@evelynkoffi

I lead enterprise third-party risk and supplier governance to strengthen compliance, resilience, and audit readiness.

United States

What I'm looking for

I’m looking for a leadership role where I can run enterprise third-party risk & compliance governance, build scalable NIST/ISO/SOC 2-aligned frameworks, partner cross-functionally, and strengthen audit readiness, remediation, and operational resilience.

I’m an IT governance, risk, and compliance (GRC) leader with 10+ years of experience leading enterprise risk assessments, supplier governance, IT audit, compliance operations, and vendor lifecycle management across technology, consulting, and regulated industries. I’ve managed large-scale vendor ecosystems, supported 1,000+ supplier and vendor assessments, and driven remediation that reduces high-risk vendor exposure by 25% while improving enterprise risk visibility.

In my current role, I lead enterprise-wide operational risk, third-party risk governance, supplier governance, and compliance initiatives—partnering with Security, Procurement, Legal, Privacy, and executive stakeholders to operationalize compliance programs. I build scalable governance frameworks aligned to NIST, ISO 27001, SOC 2, and cloud security best practices, leveraging continuous monitoring, KPI/SLA oversight, issue management, and risk analytics to strengthen audit readiness and operational resilience.

Experience

Work history, roles, and key accomplishments

Current

Third-Party Risk & Compliance Leader

TikTok U.S. Data Security

Jan 2024 - Present (2 years 5 months)

Led enterprise-wide risk governance and supplier governance programs to strengthen cybersecurity and privacy compliance across complex technology ecosystems. Drove scalable third-party risk governance using continuous monitoring and SLA/KPI oversight, reducing high-risk vendor exposure by 25% and improving audit readiness.


Third-Party Risk Analyst

TikTok U.S. Data Security

Jan 2022 - Jan 2023 (1 year)

Conducted large-scale third-party and operational risk assessments across 1,000+ vendors spanning cybersecurity, privacy, and compliance risks. Improved governance methodologies and inherent/residual risk scoring accuracy by 20% and helped reduce vendor-related incidents by 25%.


IT GRC Consultant

Cross Country Consulting

Jan 2019 - Jan 2020 (1 year)

Designed and implemented enterprise compliance programs and risk assessment strategies aligned to NIST, ISO 27001, and SOC 2 to strengthen governance, cybersecurity, and privacy. Led regulatory and operational risk assessments and improved audit readiness by 30% through control validation and remediation support.


IT Risk Analyst

IBSS Corporation

Jan 2016 - Jan 2017 (1 year)

Supported federal risk management and compliance initiatives by conducting compliance assessments and assisting audit activities across governed environments. Performed NIST 800-53A (DOJ)–aligned assessments and improved remediation timelines by 25% through structured risk tracking, reporting, and continuous monitoring.

Education

Degrees, certifications, and relevant coursework


University of Maryland, College Park

Bachelor of Arts

Earned a Bachelor of Arts from the University of Maryland, College Park.
