Our client, a leading financial services company, is hiring a Third-Party Risk Analyst on a long-term contract basis.
Work Location:
Warren, NJ
Summary:
- Conducting security control due diligence reviews on third parties, which includes:
- Performing risk-based assessments working in our third-party Vendor Risk Module software.
- Understanding and creating issues identified during assessment.
- Managing issues to the relationship, including risk remediation efforts.
- In-depth review of third-party policies including SIG, Information Security Policy, Business Continuity/Disaster Recovery, PCI, and SOC reports.
- Maintain broad knowledge of best practices and trends in the field of Information Security.
- Ability to identify improvement opportunities.
Qualifications:
- 4+ years’ experience in IT Governance, Risk Management or Compliance with focus on Cyber or Third-Party Risk Management.
- Experience conducting risk-based assessments is a must.
- Knowledge of regulatory landscape, including PCI-DSS, Sarbanes-Oxley, GDPR, CCPA and HIPAA.
- Familiarity with the NIST and ISO security frameworks.
- Experience with SIG (Standardized Information Gathering) is a must.
- Detailed understanding of technology and application risks and controls.
- Proficient in Microsoft Office applications (Excel).
- Experience working with ServiceNow.
- Strong communication and influencing skills: interacting with different teams across the organization, forming relationships with vendor contacts, and providing management status summaries.
- Proven organizational skills, ability to prioritize deliverables and work to strict deadlines where necessary.