Apply on Employer Site

Crowe · 5 hours ago

Third Party Risk Senior Consultant

Denver, CO

Full-time

Hybrid

Mid, Senior Level

$85K/yr - $169K/yr

2+ years exp

Crowe is one of the largest public accounting, consulting and technology firms in the United States, and they are seeking a Third Party Risk Senior Consultant. This role is primarily responsible for assessing the information security posture of key clients’ third parties and coordinating the overall execution and delivery of assessments, including conducting risk assessments and evaluating security controls.

AccountingAdviceConsultingFinanceFinancial ServicesInformation TechnologyProfessional ServicesTax Consulting

No H1B

Responsibilities

Conducting Third Party Risk Assessments by evaluating third party questionnaire responses, performing control validation, and assessment of documentation per established procedures and standards

Performing site visits to third-party facilities

Evaluating the effectiveness of security controls for compliance with applicable policies, security laws, and regulations

Assessing cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service deployments (IaaS)

Documenting information security risk and compliance findings and recommendations for remediation

Perform quality assurance and review of assessments performed by other team members

Delivering high quality, thorough reports

Coordinating the schedules and assessments for key third party clients and overseeing all key deliverables

Qualification

Information SecurityRisk AssessmentCompliance FrameworksCybersecurity ExperienceProject ManagementBilingualCommunication SkillsTeam Collaboration

Required

Bachelor's Degree

Information Technology and/or Cybersecurity background and/or experience, including 2-4 years IT experience with network, platform, and/or application technology

Willingness to obtain the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Third Party Risk Assessor (CTPRA) designations

Knowledge of security areas such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, or web

Working knowledge of at least one compliance framework, such as SOC2, ISO 27001, NIST, HIPAA

Experience managing multiple projects, in a fast-paced environment

Proven ability to learn new technologies and systems, especially through independent research and self-study

Ability to communicate technical information verbally and through written documentation

Ability to manage project schedules and client expectations

Ability to travel domestically an average of 20%-50% per year