Cyber 3rd Party Risk Analyst

Job Description

Cyber & Information Security team is seeking a Third-Party Security Analyst. Reporting to the Director of Cyber & Information Security, the analyst will perform third-party security assessments. You will work with a team of professional Security Analysts leveraging Next Gen security tools to perform the full lifecycle of third-party reviews from onboarding to real-time monitoring of vendors and suppliers. Responsibilities, Functions and Duties : - Conduct technical security assessments of third-party vendors, suppliers and partners by reviewing their security controls, adherence to regulations, compliance and contracts. - Analyze third-party security assessment findings and document security risks within the management software for tracking of risk reporting. - Coordinate with various stakeholders to verify and remediate security risk findings. - Develop KRIs and KPIs around third-party risk assessments and the remediation of key findings. - Develop, Update, and Publish Policies and Standard Operating Procedures for third-party risk management. - Continuously monitor for active vulnerabilities and cyber events against our vendors and suppliers. - Participate in third-party cyber incident response by reaching out to impacted vendors and tracking remediation. - Be an ambassador for Cyber & Information Security within Crum & Forster. Requirements Knowledge and Requirements : - Previous experience performing technical security audits or third-party assessments. - Understanding of current Cyber Vulnerabilities & threats. - Knowledge of security assessments (SOC reports, ISO/NIST, vulnerability and pen testing assessments). - Fundamental understanding of system and network security principles and technology. - Ability to interface with a wide audience of technical and non-technical personnel. Cyber 3rd Party Risk Analyst - Ability to prioritize and manage workloads and deadlines. - Excellent written and verbal communication skills. - Self-starter who is motivated and driven to learn. - Bachelors degree in a technical discipline or equivalent experience Preferred Qualifications : - Prior experience and/or certifications in AWS, Azure, and/or GCP. - Experience in performing third-party assessments of SaaS providers and vendors operating in cloud environments. - Experience performing risk assessments. - Any Security focused Certifications. - 3-5 year Cybersecurity related experience.