Senior Information Security Third Party Risk Lead

Primary Purpose:

This 6-mth contract role reports directly to the Director of Information Security and will be responsible for managing the Information Security Third-Party Risk Management (TPRM) program throughout the life cycle. The individual in this role, must ensure Company’ third-party portfolio is properly evaluated, assessed and managed to minimize risk exposure and impact to Company.

Job Description:

In this role, the Analyst will manage, monitor, and coordinate third party risk activities by working directly with business lines and third-party contacts to ensure the appropriate protection of Company’ data. In this role, the successful candidate will interact with all levels of the organization and function as an integral team member in advancing the overall third-party program and will be accountable for performing third party due diligence to meet information security, data protection, and compliance requirements. The role requires a strong background and understanding of all cybersecurity domains. The candidate must use a business risk-based approach to the decision-making process.

Essential Duties and Responsibilities:

Conduct information security assessments of company’s third parties. This includes:

• Oversee the third-party vendor risk assessment process for new vendor onboarding and periodic risk assessments, distribution of due diligence questionnaires to the third-party vendors and partners, review submitted questionnaires for completeness, ensure stakeholders finalize reviews and determine overall residual risk rating.

• The reporting of security assessments, namely, reporting results, developing findings and recommended remediation plans

• Coordinates the identification and ranking of third-party risks

• Influences third parties and business partners to ensure compliance with risk management policies, to include driving the completion of required assessments within determined SLAs

• Organize and lead meetings related to third party assessments: prepare meeting agendas, send out meeting minutes and coordinate follow up activities as appropriate

• Analyze various scorecards/performance management tools to identify areas of risk.

• Communicate and collaborate with internal and external teams, stakeholders, and vendors. Assist in the continuous improvement and maturity of the organization's third risk management framework, program, processes, and tools.

• Monitor, track, report, and escalate third-party risks to Management

• Meet SLA expectations for assessments/re-assessments

• Communicates risk assessment findings to all levels of the organization

• Assist with maintenance of the GRC tool used by the team.

• Operate with a limited level of direct supervision and exercise independence of judgement and autonomy.

  Minimum Education & Experience Requirements:

• BS/BA in Computer Science, IT, Information Systems, or 10+ years’ experience in IT Security or IT infrastructure disciplines

• 3-5 years of work experience in Third Party Risk Management, Vendor Management, Risk Management

• Relevant certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or another comparable accreditation

• Proficient in report writing

• Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.

• Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI)

  Personal Attributes:

• Ability to work independently on defined tasks and can be relied upon to deliver high quality results

• Demonstrate problem solving, analytical skills and attention to detail

• Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.

• Business and solution oriented, global mindset of strategic orientation, with ability to act tactically as required.

• Experience in working in a team-oriented, collaborative environment

• Excellent communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.

• Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.

Posted On: Monday, April 29, 2024