Cyber Security Principal (Third Party Risk Management) Remote - Conexess Group, LLC
New York, NY
About the Job
Our History:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for a Cyber Security Principal in a remote capacity. This is a long-term opportunity with a competitive compensation package.
Responsibilities:
Qualifications:
#LI-DB1
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for a Cyber Security Principal in a remote capacity. This is a long-term opportunity with a competitive compensation package.
Responsibilities:
- Plans, designs and/or recommends security solutions and capabilities that enable the organization to identify, protect, respond and recover from cyber threats and vulnerabilities in an off-shore/outsourcing environment.
- Drive and lead security and risk prevention solutions and programs for the Third Party Cyber Risk Management Program in partnership with key technology stakeholders from the broader cyber and technology organization.
- Assess complex IT environments and mapping the data flow through systems/applications and organization functions
- Identify and evaluate complex business and technology risks, internal control risk management, IT controls and related standards
- Define, develop and implement security solutions/requirements within outsourcing program by utilizing NITS framework, etc. (off-shore/near-shore) .
- Initiate and drive risk reduction solution/requirements through operational best practices and technology improvements in partnership with the broader cyber and technology organization.
- Be an advocate for key business stakeholders by uncovering security risks within internal processes, technologies, and partnerships and developing a plan to manage and remediate those risks
- Lead technical implementation requirements for our TPCRM outsourcing program, ensuring they are aligned with the broader cyber organization processes and standards
- Hypothesize, socialize and seek feedback on security programs with various cross-functionals partners (network, endpoint, virtualized platforms, infrastructure). Establish security controls to ensure protection of off-shore systems and delivery centers.
- Consult on outsourcing MSA and SOW contract language to ensure security, reliability, and IT requirements are aligned with security standards in partnership with business, legal, sourcing, privacy and IT stakeholders
Qualifications:
- Masters Degree Preferred
- 7+ years’ experience working in cybersecurity, with a focus on governance, risk, and compliance. Consideration will be given for equivalent combined experience in an IT, Risk Management or technology management capacity.
- Working knowledge of general IT and business processes and familiarity with organizational technology landscapes.
- Hands-on technology administration is not required, but sufficient familiarity to participate in technical discussions is critical.
- Deep understanding of cyber risk assessment and risk management, and familiarity with cybersecurity- and privacy-related regulatory compliance requirements, industry standards and frameworks (NIST, PCI, ISO, etc.), and key technical concepts (e.g., networking, protocols, cloud technologies).
- Preferred: Demonstrated working knowledge of at least one of the following – SSDLC, secure architecture design, threat modelling, data privacy, AI security, cloud security.
#LI-DB1
Source : Conexess Group, LLC
