Third Party Risk Assessor

About The Position

Requirements

• 5+ year of experience in performing third party audits, assessments and managing risk and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation and remediation of risks.
• Technical background or demonstrable understanding of a range of operational and IT risks and operations.
• Experience in performing third party vendor risk assessments/audits including contract negotiations.
• Experience gathering and interpreting risks and associated impacts in context of financial and operational concerns.
• Understanding of complex audit and assessment risk-related issues through demonstrated experience in managing vendor assessments, information security assessments, and audits.
• Confidentiality: Knowledge of practices and policies governing disclosure of information about the organization, its business activities, and employees; ability to apply this knowledge appropriately to diverse situations.
• Industry Knowledge: Knowledge of the organization's industry group, trends, directions, major issues, regulatory considerations, and trendsetters; ability to apply industry knowledge appropriately to diverse situations.
• Information Security Management: Knowledge of the processes, tools and techniques of information security management; ability to deploy and monitor information security systems, while detecting, controlling and preventing violations of IT security.
• IT Governance: Knowledge of the accountability framework and processes used to encourage proper behavior in IT activities and operations; ability to implement IT systems and controls to meet business needs and requirements.

Nice To Haves

• A bachelor's degree preferably in computer science, engineering, mathematics, or statistics.
• Desired professional qualifications may include: Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM)
• Savvy interpersonal / relationship skills, able to foster working relationships within the team, across IT and with business colleagues
• Knowledge of business and technology practices and trends
• Excellent written and verbal communication skills
• Ability to communicate complex issues in a language understood by business leaders across multiple disciplines (such as business, IT and security) within an organization
• High level of personal integrity and demonstrated willingness to call out and act on issues

Responsibilities

• Perform security assessments and audit on Information Security processes and systems of third parties to identify weaknesses or vulnerabilities.
• Perform design as well as operating effectiveness assessments of internal controls.
• Ensure compliance of systems with applicable regulatory, legal requirements and internal policies.
• Perform security risk assessment on third party vendors or their products.
• Negotiate security requirements in the agreements with third party vendors.
• Provide recommendations on the remediation of weaknesses, vulnerabilities to improve compliance.
• Prepare clear and comprehensive audit reports by documenting the findings, risk ratings, and remediation recommendations.
• Present the audit report to Business Stakeholders, IT Leadership, and IT teams to explain the findings and recommendations.
• Log and track the remediation of findings until closure.
• Report/Escalate any issues or concerns to senior management.
• Prepare and present KPIs/KRIs to the senior management.
• Stay relevant on the emerging security threats, industry trends, and best practices in cybersecurity.

Benefits

• Equitable provides a full range of benefits. This includes medical, dental, vision, a 401(k) plan, and paid time off.