Principal, Third-Party Risk Management Analyst
- Employer: Request Technology
- Location: Florida
- Salary: 130000.00 - 140000.00 USD Annual + bonus
- Closing date: 9 Feb 2023
- Employer Sector: Technology, ICT & Telecoms
- Contract Type: Permanent
- Hours: Full Time
- Travel: None
- Job Type: Risk Management
Principal, Third-Party Risk Management Analyst
Salary: $130k-$140k + bonus
Location: Primarily remote with travel to office on occasion
Must live within a 2-hour driving distance of either Dallas, TX or Miramar, FL
*We are unable to provide sponsorship for this role*
Qualifications
- 8+ years of professional Information Technology/Security experience that includes Third-Party Risk Management, IT Risk Management, cybersecurity, and governance, risk, and compliance (GRC).
- Bachelor's degree in computer science, information security, information assurance, or related field; or equivalent professional work experience
- Extensive knowledge of IT Risk Management processes and best practices
- Extensive knowledge of Third-Party Risk Management processes and best practices
- Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture
- Proven project management, multitasking and organizational skills
- Experience working with a variety of industry standards, including NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, or CIS Benchmarks
- Knowledge of IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)
Responsibilities
Risk Management
- Act as an Information Security Risk Management subject matter expert
- Assist the Information Security Risk Manager in the development and maintenance of the risk hierarchy, risk taxonomy, and risk register.
- Conduct regular risk assessments, document issues, determine risk levels, and coordinate with the appropriate subject matter experts to monitor the remediation of deficiencies
- Monitor the established risks in the IT organization and report on the effectiveness of related mitigating controls
Third Party Risk Management
- Responsible for the engagement of all third-party relationships to ensure that adequate controls are in place to protect company data and information
- Assist the Information Security Risk Manager in the development, growth, and maturity of the risk-based third-party assessment and continuous monitoring program within ServiceNow
- Conduct annual vendor risk management reviews of existing third parties based on established risk ratings
- Review new third-party engagements, track issues to resolution, and provide feedback on required security controls
- Review SOC 2 Type 2 reports, vulnerability assessments, penetration test results and additional documentation as required