Consultant – 3rd Party Security Risk Assessor

Business Overview:

The 3rd Party Security Risk Assessor, reporting to the Head of Cyber Security, will be performing security assessments of vendors, service providers and 3rd party companies that manage systems or information.

Responsibilities:

  • Review services provided by vendor and define scope of assessment based on SIG / AUP
  • Perform security assessments or work with 3rd party provider who will be performing the review
  • Define appropriate risk levels and corrective actions
  • Report on assessment outcomes, risk level and associated recommendations
  • Input corrective action plans into system
  • Follow up on corrective action plans and review evidence for closure
  • Provide metrics on a regular basis (KPI / KRI)
  • Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure.

Qualifications:

  • Bachelor of Computer Science degree from an accredited college or university, or equivalent work experience
  • Minimum 5 years professional work experience, including a minimum of 2 years in an Information Security role or an IT Auditor role
  • Strong written/verbal communication skills, and organizational and work documentation proficiency
  • Good communicator with demonstrated ability to pass messages in a clear and concise manner
  • Ability to adapt to changing priorities, handle multiple assignments, and adhere to strict deadlines
  • Ability to coordinate actions from several different teams
  • Experience performing IT audits or IT security risk assessments
  • CISSP, CISM or CISA certification