Business Overview:
The 3rd Party Security Risk Assessor, reporting to the Head of Cyber Security, will be performing security assessments of vendors, service providers and 3rd party companies that manage systems or information.
Responsibilities:
- Review services provided by vendor and define scope of assessment based on SIG / AUP
- Perform security assessments or work with 3rd party provider who will be performing the review
- Define appropriate risk levels and corrective actions
- Report on assessment outcomes, risk level and associated recommendations
- Input corrective action plans into system
- Follow up on corrective action plans and review evidence for closure
- Provide metrics on a regular basis (KPI / KRI)
- Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure.
Qualifications:
- Bachelor of Computer Science degree from an accredited college or university, or equivalent work experience
- Minimum 5 years professional work experience, including a minimum of 2 years in an Information Security role or an IT Auditor role
- Strong written/verbal communication skills, and organizational and work documentation proficiency
- Good communicator with demonstrated ability to pass messages in a clear and concise manner
- Ability to adapt to changing priorities, handle multiple assignments, and adhere to strict deadlines
- Ability to coordinate actions from several different teams
- Experience performing IT audits or IT security risk assessments
- CISSP, CISM or CISA certification