Consultant - Third Party Security Risk - Investment Bank

We have an opportunity with our organization for Consultant - 3rd Party Security Risk - Top Global Investment Bank

Years of Experience: 3 years with a minimum of 2 years as 3rd Party Vendor Risk Assessor

Position Objective:

The 3rd Party Security Risk Assessor, reporting to the Head of Procurement Center of Excellence that performs security assessments of vendors, service providers and 3rd party companies that manage systems or information. The idea candidate is expected to be actively involved in the day to day operations of this team.

Roles and responsibilities:

- Review services provided by vendor and define scope of assessment based on a questionnaire

- Perform remote security assessments or work with 3rd party provider who will be performing the review

- Define appropriate risk levels and corrective actions

- Report on assessment outcomes, risk level and associated recommendations

- Input corrective action plans into system

- Follow up on corrective action plans and review evidence for closure

- Provide metrics on a regular basis (KPI / KRI)

- Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure.

Mandatory Skills:

- Bachelor of Computer Science degree from an accredited college or university, or equivalent work experience

- Strong written/verbal communication skills, and organizational and work documentation proficiency

- Ability to coordinate actions from several different teams

- Good communicator with demonstrated ability to pass messages in a clear and concise manner

- Ability to adapt to changing priorities, handle multiple assignments, and adhere to strict deadlines

- Experience performing IT audits or IT security risk assessments

- CISSP, CISM or CISA certification