T&T - Cyber - TPRM - AM

Key Responsibilities:

• Third-Party Risk Assessment:

  Lead the development and execution of the third-party risk management program, including performing comprehensive

  risk assessments

  of third-party vendors, contractors, and partners to evaluate their cybersecurity posture.

• Risk Mitigation & Control:

  Develop and implement strategies for mitigating third-party risks, ensuring that appropriate cybersecurity controls, policies, and procedures are in place to protect sensitive data and critical infrastructure.

• Vendor Management:

  Work closely with procurement, legal, and compliance teams to evaluate vendor contracts, ensuring that

  security clauses

  and requirements are appropriately included to minimize third-party risks.

• Third-Party Risk Monitoring:

  Continuously monitor third-party risk profiles, assess vendor performance, and ensure compliance with internal security policies and industry regulations (e.g.,

  GDPR

  ,

  CCPA

  ,

  ISO 27001

  ).

• Risk Reporting:

  Provide detailed reports to senior leadership regarding the status of third-party risk management, including risk assessments, remediation efforts, and overall risk mitigation effectiveness.

• Collaboration with Stakeholders:

  Collaborate with internal business units and external vendors to facilitate risk assessments, identify potential vulnerabilities, and recommend solutions for improving cybersecurity posture across the supply chain.

• Incident Response & Remediation:

  Lead efforts to investigate and respond to security incidents and breaches involving third-party vendors, ensuring timely identification, containment, and resolution of incidents.

• Policy Development & Enforcement:

  Assist in the development, implementation, and enforcement of

  TPRM policies

  , frameworks, and procedures that align with organizational goals and regulatory requirements.

• Audit & Compliance:

  Ensure that all third-party cybersecurity assessments and audits are conducted in alignment with industry standards and compliance requirements.

• Training & Awareness:

  Provide guidance, training, and awareness programs to internal teams and vendors on cybersecurity best practices, ensuring that all stakeholders are informed of potential risks and necessary actions.

• Continuous Improvement:

  Stay updated on industry trends and cybersecurity threats, continuously improving the third-party risk management process to address emerging risks and vulnerabilities.

Qualifications:

• Bachelor's degree

  in Cybersecurity, Information Technology, Business Administration, or a related field.

• 5+ years

  of experience in

  cybersecurity

  or

  third-party risk management

  within a

  Telecommunications & Technology (T&T)

  environment, with at least

  2 years in a management or leadership role

  .
• Experience with

  Third-Party Risk Management (TPRM)

  frameworks, tools, and methodologies.
• Strong knowledge of cybersecurity controls, risk assessment processes, and compliance requirements (e.g.,

  NIST

  ,

  ISO 27001

  ,

  SOC 2

  ,

  GDPR

  ).
• Familiarity with

  vendor management

  , contract negotiation, and compliance within the cybersecurity domain.
• Knowledge of

  cybersecurity threat landscapes

  , emerging risks, and industry best practices for managing third-party security risks.
• Strong understanding of

  data privacy

  regulations and how they relate to third-party data handling and processing.

Skills and Competencies:

• Risk Management Expertise:

  Strong experience in managing third-party risks, conducting risk assessments, and developing effective risk mitigation strategies.

• Communication:

  Excellent verbal and written communication skills, with the ability to articulate complex security risks and technical concepts to non-technical stakeholders and senior leadership.

• Analytical Skills:

  Strong analytical and problem-solving skills to identify security gaps, vulnerabilities, and third-party risk factors, and recommend actionable solutions.

• Leadership & Collaboration:

  Ability to lead and collaborate with cross-functional teams, including legal, procurement, compliance, and IT security.

• Project Management:

  Experience managing multiple third-party risk management initiatives, with the ability to prioritize tasks, manage deadlines, and coordinate resources.

• Cybersecurity Tools & Software:

  Familiarity with third-party risk management platforms and tools, such as

  Archer

  ,

  RSA

  ,

  OneTrust

  , or similar platforms.

• Attention to Detail:

  High attention to detail, ensuring that risk assessments, remediation efforts, and documentation are accurate and thorough.

Preferred Experience:

• Certified Information Systems Security Professional (CISSP)

  ,

  Certified in Risk and Information Systems Control (CRISC)