Third-Party Cyber Risk Specialist

About The Position

Requirements

• Bachelor’s Degree or equivalent work experience in a relevant field.
• 3+ years’ experience in third-party risk management, vendor management, security incident response, cyber management or comparable field required.
• Strong understanding of cybersecurity principles, including application security, access control, and incident response.
• Knowledge of compliance and regulatory frameworks (e.g., NIST, SOC 2, GDPR, ISO 27001).
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-function teams.
• Ability to work independently and manage multiple assignments/projects simultaneously.
• Experience conducting vendor risk assessments.
• Candidates must be legally authorized to work in the United States without the need for employer sponsorship now or in the future.

Nice To Haves

• Experience with third party/vendor risk management platforms is a plus.

Responsibilities

• Manage incoming client requests (such as assessments, questionnaires, etc.), prioritize and triage requests to appropriate teams, and validate non-disclosure agreements.
• Facilitate communication between business, legal, technology, and information security teams to validate questionnaire responses and fulfill general requests related to controls defined by Cboe’s standards and policies.
• Serve as a point of contact for internal stakeholders for client due diligence inquiries, ensuring timely and accurate responses.
• Function as the subject matter expert for the response management software used for managing and responding precisely and quickly to client due diligence questionnaires.
• Manage and maintain a standardized library of responses for client due diligence questionnaires, ensuring accuracy and consistency.
• Collaborate with internal experts to update and refine responses as needed.
• Assist team with onboarding new vendor relationships.
• Collect, review, and process information and documentation from third party vendors/suppliers.
• Conduct third-party risk assessments and due diligence reviews.
• Analyze security information to identify significant control or security gaps and report findings to senior team members.
• Perform comprehensive security reviews of potential and existing third-party vendors using questionnaires and security tools to evaluate their cybersecurity controls and identify potential risks.
• Analyze identified risks from third parties and prioritize them based on their potential impact and likelihood of occurrence; create remediation plans accordingly.
• Continuously monitor third-party vendors' security posture through regular assessments, vulnerability scans, and incident reporting to maintain a consistent level of security.
• Coordinate with internal security team to respond to cyber incidents involving third-party vendors, providing necessary support for investigation and remediation.
• Assist with regulatory exams by obtaining documentation and drafting responses to regulator inquiries.
• Perform additional activities as needed.

Benefits

• Fair and competitive salary and incentive compensation packages with an upside for overachievement
• Generous paid time off, including vacation, personal days, sick days and annual community service days
• Health, dental and vision benefits, including access to telemedicine and mental health services
• 2:1 401(k) match, up to 8% match immediately upon hire
• Discounted Employee Stock Purchase Plan
• Tax Savings Accounts for health, dependent and transportation
• Employee referral bonus program
• Volunteer opportunities to help you give back to your communities
• Complimentary lunch, snacks and coffee in any Cboe office
• Paid Tuition assistance and education opportunities
• Generous charitable giving company match
• Paid parental leave and fertility benefits
• On-site gyms and discounts to other fitness centers