First Quality · 3 hours ago
Third Party Risk Management Analyst
Responsibilities
Directly responsible for performing security due diligence risk assessments on new and existing third parties against First Quality policies as well as leading industry practices
Identify third party risks, appropriate risk levels, and recommend remediation or mitigation strategies to the business
Present issues to the business and 3rd parties and obtain corrective action plans
Track and follow up on corrective action plans and review evidence for closure
Work with business and project teams to ensure security controls are built into IT functional specifications using leading industry practices
Review documentation associated with third party risk assessments to identify non-conformances
Establish and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Third-Party Risk Management Program and initiatives
Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure and risk
Perform maintenance and configuration changes, as necessary, in the Third-Party Risk Management platform
Update procedure documentation to incorporate process changes
Drive relevant stakeholder participation in evaluation of risk and control effectiveness
Maintain expertise on security trends through training, research, and development to mitigate potential security exposures
Liaise with key functional teams such as HR, IT, OT, Digital Strategy, Finance, Enterprise Risk, Quality, Office of General Counsel and relevant business stakeholders to perform third party security reviews on their new and existing vendors and identify risks that require remediation
Qualification
Required
5 years’ experience working directly in an Information Security, Information Technology or Operational Technology department with involvement in the Third-Party Risk Management Program
Working knowledge of security technologies and controls in the following areas: Operational Technology/SCADA systems, cloud computing, mobile device management, identity and access management, emerging technologies
Working knowledge of the following types of assessment reports: Standard Information Gathering (SIG), SOC 1 and 2 reports, CAIQ
Working knowledge of the following frameworks and regulations: ISO 27001/2, NIST 800-53, NIST CSF, Standard of Good Practice, HIPAA HiTrust
Bachelor's degree in management information systems, computer science, cyber security or equivalent
Ability to work independently and under the guidance of a direct supervisor
Ability to prioritize and multitask; a work approach that supports flexibility and adaptability is paramount
Excellent written and oral communications skills; ability to lead discussions, present ideas to audiences of all sizes, and interact with all levels of the organization
Ability to communicate security technical risks to non-technical business stakeholders
Proficiency with the Microsoft Office suite
Preferred
Experience working with any Third-Party Risk Management platform is preferred
Experience securing or assessing SCADA/OT systems and vendor solutions is a plus
Professional security management certification (CompTIA Security+, CISSP, CISA, or equivalent), or working towards certification, is preferred
Benefits
Attractive annual discretionary bonus
Robust suite of employee benefits
Company
First Quality
Manufacturing Adult Incontinence Products, Feminine Hygiene Products, Baby Wipes, Adult Washcloths, and Consumer Paper Products.
Funding
Current Stage
Late Stage
Company data provided by crunchbase