Cyber and 3rd party risk manager

This lead role supports the risk management product team in identifying, analyzing, and mitigating IT-related risks within the organization. The role requires collaboration across multiple departments, ensuring risk controls are established, policies adhered to, and security standards met. The IT Risk Analyst will contribute to risk management frameworks, conduct assessments, and support regulatory compliance efforts.

Roles & Responsibilities

Risk Management Leadership:

• Lead the global risk management and third-party risk assessment organization.
• Oversee a team of risk analysts performing global risk assessment tasks.

Risk Identification and Assessment:

• Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies.
• Evaluate risks associated with third-party vendors and partners.
• Maintain the IT risk register, documenting risks, issues, and remediation actions.

Risk Mitigation and Monitoring:

• Recommend risk mitigation strategies and implement risk management controls.
• Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks.
• Monitor and report on the effectiveness of IT risk controls, suggesting enhancements.

Compliance and Regulatory Support:

• Ensure compliance with industry standards and regulatory requirements (GDPR, SOX, PCI-DSS, NIST).
• Prepare for internal and external audits, providing documentation and evidence of risk management practices.
• Support IT governance, risk, and compliance frameworks.

Vendor Risk Management:

• Conduct vendor risk assessments, ensuring third-party services align with internal risk/security policies.
• Regularly review vendor performance and risk exposure, collaborating with procurement and legal teams.

Basic Qualifications and Experience

Education:

• Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field.
• Preferred Certifications:
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)

Experience:

• 4-6 years of experience in IT risk management, IT auditing, or information security.
• Hands-on experience with risk management tools and frameworks (ISO 27001, NIST, COBIT).

Skills & Competencies

• Strong understanding of IT infrastructure, systems, and security best practices.
• Ability to assess technical and business risks related to IT systems.
• Excellent problem-solving, analytical, and communication skills.
• Ability to communicate complex risk concepts to non-technical stakeholders.
• Knowledge of regulatory frameworks (GDPR, HIPAA, SOX, PCI-DSS).
• Experience in security-related contract clauses, including Security Requirements Schedules (SRS).

Technical Knowledge

• Proficiency with risk management tools, GRC software, and security incident management tools.
• Experience in security controls for networks, databases, and cloud environments.

Soft Skills

• Excellent analytical and troubleshooting skills.
• Strong verbal and written communication skills.
• Ability to work effectively with global, virtual teams.
• High degree of initiative and self-motivation.
• Ability to manage multiple priorities successfully.
• Team-oriented mindset with a focus on achieving team goals.
• Strong presentation and public speaking skills.
• Collaboration with global teams.