American Red Cross • posted about 1 month ago
$85,000 - $138,000/Yr
Full-time • Mid Level
Remote
Social Assistance

About the position

Joining The American Red Cross is like nothing else - it's as much something you feel as something you do. You become a vital part of the world's largest humanitarian network. Joining a team of welcoming individuals who are exceptional, yet unassuming. Diverse, yet uncompromising in unity. You grow your career within a movement that matters, where success is measured in people helped, communities made whole, and individuals equipped to never stop changing lives and situations for the better. When you choose to be a force for good, you'll have mentors who empower your growth along a purposeful career path. You align your life's work with an ongoing mission that's bigger than all of us. As you care for others, you're cared for with competitive compensation and benefits. You join a community that respects who you are away from work as much as what you do while at work.

Responsibilities

  • Perform enterprise-wide vendor risk assessments on new and existing third parties to assess risks and controls.
  • Prepare detailed and summary reports of vendor risk assessments.
  • Manage third party plans of action to resolve and remediate any vulnerabilities or compliance items that need to be addressed.
  • Partner with business units in developing and implementing controls to effectively mitigate the risks inherent in each vendor relationship.
  • Evaluate exceptions to determine if compensating controls provide adequate protection of data.
  • Work as a subject-matter-expert (SME) with cross-functional oversight to include Security, IT, Legal, Finance, HR, BCP/DR and functional department Supply Managers to ensure compliance with and integration of Third Party Risk Management lifecycle elements.
  • Work directly with internal business partners and Supply Managers to assist them in effectively managing their operational risks related to identification of potential risks in business processes, applications, and systems associated with the vendor engagement.
  • Participate in the development, implementation, and maintenance of Third Party Risk Management policies, procedures and training material in alignment with industry best practices.

Requirements

  • At least 3 years of demonstrated experience in information technology and information security required.
  • A Bachelor's degree in an IT or related discipline required; experience may substitute for education.
  • Information security / TPRM certification, such as CTPRP, CTPRA, CISSP, CISM, CISA, or GSEC a plus.
  • Effective communication skills, both written and verbal, required.
  • Ability to foster effective working relationships with both internal and external business stakeholders.
  • Clear understanding of the principles of governance, risk management, commercial best-practices, ISO security standards and compliance framework.
  • Demonstrated abilities in problem-solving and analysis: identify issues, analyze information to assess root cause and relationships, risks, and potential risk responses.
  • Experience balancing risk management and business drivers is essential.
  • Proven ability to synthesize and summarize complex data into concise recommendations and reports and to present solution recommendations.
  • Must be highly organized and capable of prioritizing workloads.
  • Self-motivated. Personable.

Benefits

  • Medical, Dental, Vision plans
  • Health Spending Accounts & Flexible Spending Accounts
  • PTO: Starting at 19 days a year; based on type of job and tenure
  • Holidays: 11 paid holidays comprised of six core holidays and five floating holidays
  • 401K with up to 6% match
  • Paid Family Leave
  • Employee Assistance
  • Disability and Insurance: Short + Long Term
  • Service Awards and recognition