Senior Engineer

Job Description

The Role is to work as a Senior Analyst on the GRC Third Party Risk Assessment, Cybersecurity team and is a Tier / L2 support role for Vendor Risk Management (Cyber). The Cyber vendor team conducts the cyber diligence on all firm vendors and works closely with the Vendor Risk Team (Non-Cyber The individual will be responsible for managing portions of the operational work for VRM (Cyber) Kickoff of reviews, touchpoints with vendors to follow up on review status, collecting evidence, and following up on any action items. Updating tracking tools and drafting reports for stakeholders The ideal individual also has cybersecurity and risk management proficiency and can review questionnaires that vendors provide, identify control deficiencies, ask to follow up questions and know when to escalate control gaps to Tier / L3 Training on our proprietary system will be given, however knowledge of frameworks such as the SIG, CAIQ, NIST, ISO and SOC1/2 will be ideal. Having specific vendor risk experience is not a requirement, but knowledge of cybersecurity is If they understand risk management and vendor risk thats a plus, but I can teach them more about our risk management approach, but reviewing and understanding technical controls is important. Understanding of cybersecurity domain like Application security, threat management, incident response, network security, infrastructure security, cloud security, end point security, vulnerability managemen Knowledge of industry regulations and standards such as NIST, ISO, GDPR, SOC is also useful. Good to have working experience onMandatory SkillUse of Tools Microsoft Office, Word, PowerPoint, Excel Familiarity with Jira, Confluence, Kanban Board, ServiceNo Familiarity with ISO 27001, ISO 27002, ISAE 3402, SOC 1 and 2, SOX, CMMC, HITRUST, HIPAA, CRBF, Solvency, etc Familiarity with cybersecurity domains such as domains Compliance of the companys user access rights and respond with reports to auditors. Good to have Handson experience in assessing GRC tools (e.g. ProcessUnity, Hyperproof etc.) Good Communication and audit report writing Skill Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: GRC Consulting. Experience3-5 Years.