Third-Party Risk Assessment Advisor (Remote w/ Monthly Travel) - Conexess Group, LLC
New York, NY
About the Job
Our History:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for a Third Party Risk Management Advisor in a remote capacity. This is a long-term opportunity with a competitive compensation package.
** Must be able available for domestic travel once a month**
Responsibilities:
Qualifications:
#LI-Remote
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for a Third Party Risk Management Advisor in a remote capacity. This is a long-term opportunity with a competitive compensation package.
** Must be able available for domestic travel once a month**
Responsibilities:
- The Information Protection Sr. Advisor within the Third Party Cyber Risk Management (TPCRM) is responsible for providing guidance to the TPCRM program on Cyber Security decisions and consultation that has significant impact on strategic planning and the overall day-to-day third-party outsourcing risk by collaborating within a highly matrixed environment with multiple key stakeholders.
- This role will work closely with the TPCRM leadership and external/internal entities to solve unique and complex problems related to information protection that have broad impact on the business.
- The role works with the business and IT to anticipate external/internal outsourcing challenges and and/or regulatory issues, and recommends process, technical security design or service improvements.
- Act as a lead SME for TPCRM and is a recognized Information Protection expert and thought leader by both internal/external community and is responsible for technical leadership for TPCRM outsourcing service
- Understand the overall Third-Party landscape and accompany strategy and provide overall technical guidance to the, acting as conduit between Information Protection, Technology and the business
- Lead development and implementation of Information Protection technical design, patterns, process and service improvements to business driven outsourcing initiatives
- Perform ongoing vendor cyber security risk assessments to review complex technology and business risks related to vendors security controls/posture and determine acceptance to company framework of controls
- Liaise with key functional teams such as Technology, Legal, Privacy, BCP, Information Protection and relevant business stakeholders to perform third party security reviews on their new and existing vendors and identify risks that require remediation
- Perform comprehensive vendor security assessment, identify risk, determine appropriate risk levels, document risk in Archer GRC and recommend remediation or mitigation strategies to the business and/or technology teams
- Vendor Governance – partner with vendors hosting or accessing our data in regular frequency to identify changes to security posture, identify non-conformances to agreed up controls, and identify current threats to ensure they are taking necessary steps to reduce exposure and risk
- Work with business and technology teams to ensure security controls are built into IT functional specifications using leading industry practices and company defined controls
- Drive relevant stakeholder participation in evaluation of risk and control effectiveness
- Maintain expertise on security trends through training, research, and development in order to mitigate potential security exposure
- Develop vendor “personas” that provide a profile of vendor to include but not limited to overview of company, scope of services, statement of work (SOW), etc.
Qualifications:
- Bachelor's degree in management information systems, computer science, cyber security or higher
- Possess expertise in multiple technologies and/or highly specialized areas
- Have a proven record track record of technical thought leadership and influence with IT and business management – including working to influence Information Protections best practices and partner to solutions, as appropriate
- Must demonstrate strong overall technical aptitude in the following but not limited to end user computing, network, voice/contact center, etc.
- Effective communicate complex technology models
- Demonstrate strong collaboration techniques to achieve a defined and common business purpose
- Minimum 4 years' experience performing Third- Part Risk Assessment within an Information Security, Information Technology or Operational Technology department
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA Certified in Risk and Information Systems Control (CRISC)
- Emerging technologies, such as Governance Risk and Compliance (GRC) technologies;
- Common third party risk industry standard, regulations, and regulators (e.g. FFIEC, OCC, FRB, GDPR, HIPAA / HITECH, HKMA, PRA, APRA, JFSA, RBI, BaFin, CFPB, SEC etc.), especially as it relates to building a program and/or managing internal controls, risk assessments, business process or operational auditing; and,
- Principles and industry leading practices in Risk Assessment skills, Audit background, including familiarity with SOC I (SSAE16) and SOC II, ISO 27001, etc
- Excellent analytical and problem solving skills with the ability to “think outside the box”
- Excellent oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audience
- Ability to influence and collaborate at all organizational levels
- Presentation skills, ability to prepare presentations, management reporting, and statistical analysis
- Ability to take initiative and work independently with minimal supervision in a structured environment
- Ability to work effectively in virtual environment where key team members and partners are in various time zones and locations, and not always readily available
- Knowledge and understanding of risk assessments methodologies
- Strong organizational, multi-tasking, and prioritizing skills, with strong time management skills and ability to meet deadlines in a fast paced environment
- Experience communicating in both written and verbal formats with senior executive-level leaders, including the ability to articulate complex concepts in a clear manner
#LI-Remote
Source : Conexess Group, LLC
