Third-Party Risk Assessment Advisor (Remote w/ Monthly Travel) @ Conexess Group | Jobright.ai
JOBSarrow
RecommendedLiked
0
Applied
0
External
0
Third-Party Risk Assessment Advisor (Remote w/ Monthly Travel) jobs in New York, NY
200+ applicantsPosted by Agency
company-logo

Conexess Group · 9 hours ago

Third-Party Risk Assessment Advisor (Remote w/ Monthly Travel)

positionNew York, NY
timeFull-time
remoteRemote
seniorityMid, Senior Level
date4+ years exp
ftfMaximize your interview chances
ConsultingInformation Services
check
Growth Opportunities
check
H1B Sponsor Likelynote

Insider Connection @Conexess Group

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

The Information Protection Sr. Advisor within the Third Party Cyber Risk Management (TPCRM) is responsible for providing guidance to the TPCRM program on Cyber Security decisions and consultation that has significant impact on strategic planning and the overall day-to-day third-party outsourcing risk by collaborating within a highly matrixed environment with multiple key stakeholders.
This role will work closely with the TPCRM leadership and external/internal entities to solve unique and complex problems related to information protection that have broad impact on the business.
The role works with the business and IT to anticipate external/internal outsourcing challenges and and/or regulatory issues, and recommends process, technical security design or service improvements.
Act as a lead SME for TPCRM and is a recognized Information Protection expert and thought leader by both internal/external community and is responsible for technical leadership for TPCRM outsourcing service.
Understand the overall Third-Party landscape and accompany strategy and provide overall technical guidance to the, acting as conduit between Information Protection, Technology and the business.
Lead development and implementation of Information Protection technical design, patterns, process and service improvements to business driven outsourcing initiatives.
Perform ongoing vendor cyber security risk assessments to review complex technology and business risks related to vendors security controls/posture and determine acceptance to company framework of controls.
Liaise with key functional teams such as Technology, Legal, Privacy, BCP, Information Protection and relevant business stakeholders to perform third party security reviews on their new and existing vendors and identify risks that require remediation.
Perform comprehensive vendor security assessment, identify risk, determine appropriate risk levels, document risk in Archer GRC and recommend remediation or mitigation strategies to the business and/or technology teams.
Vendor Governance – partner with vendors hosting or accessing our data in regular frequency to identify changes to security posture, identify non-conformances to agreed up controls, and identify current threats to ensure they are taking necessary steps to reduce exposure and risk.
Work with business and technology teams to ensure security controls are built into IT functional specifications using leading industry practices and company defined controls.
Drive relevant stakeholder participation in evaluation of risk and control effectiveness.
Maintain expertise on security trends through training, research, and development in order to mitigate potential security exposure.
Develop vendor 'personas' that provide a profile of vendor to include but not limited to overview of company, scope of services, statement of work (SOW), etc.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cyber SecurityThird Party Risk AssessmentCISSPCISMCRISCGRC TechnologiesRisk Assessment MethodologiesISO 27001Collaboration Techniques

Required

Bachelor's degree in management information systems, computer science, cyber security or higher
Possess expertise in multiple technologies and/or highly specialized areas
Have a proven record track record of technical thought leadership and influence with IT and business management – including working to influence Information Protections best practices and partner to solutions, as appropriate
Must demonstrate strong overall technical aptitude in the following but not limited to end user computing, network, voice/contact center, etc.
Effective communicate complex technology models
Demonstrate strong collaboration techniques to achieve a defined and common business purpose
Minimum 4 years' experience performing Third- Part Risk Assessment within an Information Security, Information Technology or Operational Technology department
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA Certified in Risk and Information Systems Control (CRISC)
Excellent analytical and problem solving skills with the ability to “think outside the box”
Excellent oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audience
Ability to influence and collaborate at all organizational levels
Presentation skills, ability to prepare presentations, management reporting, and statistical analysis
Ability to take initiative and work independently with minimal supervision in a structured environment
Ability to work effectively in virtual environment where key team members and partners are in various time zones and locations, and not always readily available
Knowledge and understanding of risk assessments methodologies
Strong organizational, multi-tasking, and prioritizing skills, with strong time management skills and ability to meet deadlines in a fast paced environment
Experience communicating in both written and verbal formats with senior executive-level leaders, including the ability to articulate complex concepts in a clear manner

Preferred

Emerging technologies, such as Governance Risk and Compliance (GRC) technologies
Common third party risk industry standard, regulations, and regulators (e.g. FFIEC, OCC, FRB, GDPR, HIPAA / HITECH, HKMA, PRA, APRA, JFSA, RBI, BaFin, CFPB, SEC etc.), especially as it relates to building a program and/or managing internal controls, risk assessments, business process or operational auditing
Principles and industry leading practices in Risk Assessment skills, Audit background, including familiarity with SOC I (SSAE16) and SOC II, ISO 27001, etc.

Company

Conexess Group

twittertwittertwitter
company-logo
Conexess Group is an information technology company providing IT staffing and project management services.
dateFounded in 2009
location
Nashville, Tennessee, USA
people-size51-200 employees
web-link
http://conexess.com

H1B Sponsorship

Conexess Group has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (1)
2021 (3)
2020 (6)

Funding

Current Stage
Growth Stage

Leadership Team

leader-logo
Austin Meibers
Founder and Partner
linkedin
Company data provided by crunchbase
logo

Orion

Your AI Copilot