Tech Risk Assurance Third Party Lead

Description

Opportunity to shape risk culture and ensure technological safeguards in a dynamic collaborative environment.

As a Tech Risk Assurance - Third Party Lead in Cybersecurity Technology & Controls you will lead expert technical risk assurance and control oversight to ensure the firms products and lines of business achieve their objectives while effectively managing risk. Utilizing your background in technology risk management you will work with cross-functional teams to identify assess and mitigate emerging risks and vulnerabilities. Your tactical and strategic decision-making will significantly impact the firms operations financial management and public image. You will play a crucial role in fostering a robust risk culture and catalyzing continuous improvement contributing to the development and implementation of comprehensive risk management policies standards and controls.

Job responsibilities

• Lead efforts to strengthen the firms third-party risk assessment and control environment identifying areas for improvement and advising on control implementation to mitigate thematic risks.
• Advise stakeholders on risk management controls development and adherence to mitigate risks
• Proactively monitor key risk indicators analyze control metrics and offer insights on risk management effectiveness to senior management driving continuous improvement initiatives
• Collaborate with Control Owners to establish and uphold clear cyber technology and data control requirements for all third-party relationships.
• Influence drive and oversee the efficient execution of third party assurance programs ensuring alignment with organizational objectives risk appetite and regulatory compliance while continuously updating requirements to address evolving threats and regulatory changes.
• Engage with regulators clients and stakeholders on risk-related issues provide necessary oversight ensuring compliance with laws regulations and internal policies
• Act as a liaison to Global Supplier Services Tech Risk and Controls Product Security Business Control Managers and GRC leads to foster a collaborative approach to third-party risk management.
• Partner with legal and procurement teams to ensure contracts with third-party vendors include robust cybersecurity and data protection provisions.

Required qualifications capabilities and skills

• Obtain 8 years of experience in third-party risk management cybersecurity technology risk or related disciplines and a Bachelors degree in Information Security Cybersecurity Risk Management Business Administration or related field; Masters degree preferred.
• Experience in a highly regulated industry (e.g. financial services healthcare) is strongly preferred.
• Deep understanding of third-party risk management frameworks cybersecurity controls and regulatory requirements (e.g. OCC FFIEC GDPR ISO 27001 NIST).
• Proficiency in data security risk management & controls security governance and analytical thinking with a track record of implementing effective risk mitigation strategies
• Proven ability to lead cross-functional teams influence senior stakeholders and drive strategic initiatives.
• Demonstrated ability to manage complex programs and projects prioritize competing demands and deliver results in a fast-paced environment.
• Advanced knowledge of data analytics and data literacy to uncover actionable insights and support business decision-making
• Experience working with legal and procurement teams to negotiate and strengthen contractual provisions related to cybersecurity and data protection.
• Demonstrated experience utilizing a range of GRC (Governance Risk and Compliance) and data analytics platforms such as Archer ServiceNow Alteryx Tableau and QlikView.

Preferred qualifications capabilities and skills

• Certified Risk and Information Systems and Controls (CRISC) certification
• Certified Third Party Risk Professional (CTPRP)
• Certified Regulatory Vendor Program Manager (CRVPM)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Other relevant certifications

#CTC