3rd Party Cyber Risk Analyst

Protective, Birmingham, AL

About The Position

The work we do has an impact on millions of lives, and you can be a part of it. We help protect our customers against life’s uncertainties. Regardless of where you work within the company, you’ll be helping provide protection and peace of mind when our customers need it most.

The Third-Party Cyber Risk Analyst will support the organization’s third- and fourth-party cyber risk management program, helping to ensure that security and regulatory compliance meet the company’s risk standards. In this role, the analyst works closely with internal teams and external vendors to monitor, assess, and help mitigate cyber risks associated with vendor relationships. Responsibilities include assisting with risk assessments, tracking remediation efforts, reporting key metrics to leadership, and contributing to a culture of continuous improvement and security awareness.

Requirements

  • 1-2 years' experience, internship, or coursework in IT security, risk management, compliance, and audit.
  • Understanding of third-party/vendor risk management processes and core risk management terminology.
  • Exposure to audit processes or evidence collection for compliance reviews.
  • Analytical mindset with attention to detail and a willingness to learn new concepts.
  • Project, organizational, and content management skills; ability to manage multiple tasks and deadlines.
  • Effective written and verbal communication skills; able to collaborate with technical and non-technical stakeholders.
  • Ability to prepare and present clear, concise reports and summaries.
  • Awareness of key security and compliance frameworks (e.g., SOC 2, NIST, ISO 27001, PCI, HIPAA, HITRUST, SOX).
  • Basic knowledge of state and federal cybersecurity regulations and standards.
  • Willingness to pursue industry certifications.

Nice To Haves

  • Experience with Microsoft Office Suite; familiarity with tools such as SharePoint, Power BI, ServiceNow, UpGuard, or Archer is a plus.
  • General understanding of IT concepts, including cloud services (IaaS, SaaS, PaaS), network security, and endpoint security.
  • A bachelor's degree in computer science, information technology, or a related field.
  • Relevant security certifications are a plus, such as: Certified Information Security Auditor (CISA); Certified in Risk Information Systems Controls (CRISC); GIAC Security Essentials or Professional Certification (GSEC/GISP); Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified Cloud Security Professional (CCSP); Certified Insurance Data Security Professional (CIDSP); CompTIA Security+.

Responsibilities

  • Support the execution, documentation, and tracking of third-party risk assessments; this includes collecting and reviewing formal and informal security documentation from vendors.
  • On-board and off-board vendors into the process, tool, and document repository.
  • Apply a shift-left mentality in every vendor lifecycle stage to foster a security and continuous improvement mindset.
  • Monitor the status and maintenance of 3rd-party security reports with controls, risk registers, and remediation activities.
  • Prepare and update basic reports and summaries for management on vendor risk status and compliance activities.
  • Execute and influence positive process changes and test new capabilities in the cyber risk tool.
  • Participate in the collection of evidence and documentation for audits and regulatory reviews.
  • Stay informed about changes in cybersecurity regulations (e.g., NYDFS 500) and best practices; escalate relevant updates to senior team members.
  • Escalate issues or risks to senior analysts or management as needed.
  • Participate in security awareness activities, such as training sessions and phishing simulations.

Benefits

  • comprehensive health, dental and vision insurance
  • emotional wellbeing through mental health benefits and an employee assistance program
  • paid time away benefits (e.g., paid time off, paid parental leave, short-term disability, and a cultural observance day)
  • contributions to healthcare accounts
  • a pension plan
  • a 401(k) plan with Company matching
  • ProHealth Rewards, Protective’s platform to improve wellbeing while earning cash rewards