Job Description :
- Support key program objectives to ensure TPRM’s critical 2024 goals are accomplished in alignment with organizational expectations.
- Provide advisory services to evaluate, recommend, design, and implement third-party risk management solutions and process improvements.
- Collaborate with internal FRS teams to drive vendor due diligence activities, inclusive of identifying and assessing risks and mitigating controls.
- Develop knowledge of vendor services and obligations provided by National IT’s vendors and business owners’ reliance upon those services.
- Use knowledge to identify requirements, develop, monitor, and support the execution of third-party remediation actions and mitigation and contingency plans, as warranted, when risks or risk events are identified.
- Conduct risk assessments and develop mitigation plans, work closely with vendor managers and business stakeholders on the finalization of mitigation plans and execution against continuous monitoring and control plans.
- Assess the effectiveness of control and mitigation plans, advising National IT stakeholders on any required control enhancements for third-party risks.
- Review and interpret results of vendor audit reports and attestations (such as SOC 2 reports); identify deficiencies and areas for remediation; advise appropriate stakeholders on findings; incorporate findings into the overall vendor risk assessment and mitigation plans.
- Review data and assist in advising stakeholders and others on best practices and how to implement the necessary changes to address third-party risks.
- Build communication and escalation plans related to third-party risk management activities across National IT.
- Provide strategic support to business owners, stakeholders, and leaders.
- Assist with process improvement and discussions related to third-party risk management solutions.
Qualifications :
- Bachelor's Degree or equivalent experience.
- 3 to 5+ years of experience in managing risk and compliance issues, or similar experience managing applications, projects, or systems that require identification, evaluation, and remediation of risk.
- Enhanced knowledge pertaining to concepts and principles related to third-party risk management.
- Experience with compliance and security audits, and risk mitigation plans.
- Experience developing and completing vendor risk assessments for enterprise-level vendor relationships.
- Understanding of various risk and security certifications and attestations (SOC 2, ISO 27001, etc.).
- Familiarity with third party risk and governance concepts.
- Proficient understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits.
- Ability to tailor communications to the appropriate audience and present information in a credible, confident, and influential manner; communicate in a concise, direct, and purposeful way.