Third-Party Security Risk Manager - INSPYR Solutions
Miami, FL 33178
About the Job
Title: Third-Party Security Risk Manager
Location: Miami, FL (Hybrid)
Duration: Direct Hire
Compensation: $120,000- $140,000
Work Requirements: US Citizen, GC Holders or Authorized to Work in the US
The Third-Party Security Risk Manager is responsible for the management, development, and oversight of the Third Party Security Risk Management (TPSRM) program. The goal of this role is to effectively identify, evaluate, monitor, and manage information security risks associated with third party business partners that do work for, or have access to the corporations's data. Primary activities include assessing third-party security risks, facilitation of the due diligence assessment process, and ensuring contractual requirements are implemented into legal agreements.
Additional responsibilities include managing service level agreements for assessment reviews, working with our resident engineer for troubleshooting and enhancing functionality within the assessment tool (OneTrust), and acting as the primary escalation liaison between the TRPM team and the business owners of third-party relationships.
Strong process management and communication skills are required for this role. A sound knowledge of the industry and TPRM experience will be applied to assist leadership with ongoing strategic efforts, such as: integration with surrounding global functions and systems, global program facilitation and reporting capabilities, management of professional services and associated KPIs, and implementation of additional program automation and identified development opportunities.
Essential Functions:
About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients’ business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
Location: Miami, FL (Hybrid)
Duration: Direct Hire
Compensation: $120,000- $140,000
Work Requirements: US Citizen, GC Holders or Authorized to Work in the US
The Third-Party Security Risk Manager is responsible for the management, development, and oversight of the Third Party Security Risk Management (TPSRM) program. The goal of this role is to effectively identify, evaluate, monitor, and manage information security risks associated with third party business partners that do work for, or have access to the corporations's data. Primary activities include assessing third-party security risks, facilitation of the due diligence assessment process, and ensuring contractual requirements are implemented into legal agreements.
Additional responsibilities include managing service level agreements for assessment reviews, working with our resident engineer for troubleshooting and enhancing functionality within the assessment tool (OneTrust), and acting as the primary escalation liaison between the TRPM team and the business owners of third-party relationships.
Strong process management and communication skills are required for this role. A sound knowledge of the industry and TPRM experience will be applied to assist leadership with ongoing strategic efforts, such as: integration with surrounding global functions and systems, global program facilitation and reporting capabilities, management of professional services and associated KPIs, and implementation of additional program automation and identified development opportunities.
Essential Functions:
- Serve as the GCS TPSRM subject-matter-expert to identify, evaluate, and manage risks associated to third parties processing or accessing personal and / or confidential data on our clients behalf.
- Facilitate TPSRM due-diligence processes across business units; drive appropriate stakeholder participation in the assessment, evaluation, and acceptance of risk
- Manage vendor relationships, field inquiries, and oversee/assist in the vendor assessment process utilizing the RiskRecon platform
- Assess procedures and controls to ensure compliance with applicable company and industry standards.
- Development of dashboard and reporting capabilities for the TPRM program; provide leadership re Conduct training as required throughout company business units to enhance TPRM awareness and compliance porting as required (weekly)
- Support program lead with all additional ongoing strategic projects in place to enhance program maturity
- Education: Bachelor's degree
- Major/Discipline: Cybersecurity related
- Required Certifications: Nice to have: CTPRP, CISSP, CISM, CRISC
- Required Years and Area of Professional Experience: 5
- Critical Professional Related Technical/Computer Skills: Excellent oral and written communication, presentation, and collaboration skills. Strong organization skills with the ability to deal with multiple tasks and projects simultaneously. Experience working with legal to conduct contract language reviews. Experience with GRC tools used to conduct TPRM due diligence assessments, preferably OneTrust.
- Other Requirements: Experience with the Microsoft Professional Office Suite, including Teams, SharePoint, and Office
- Preferred Education: Master's in Cybersecurity
- Preferred Experience and Type: Possess strong organization and communication skills and can communicate security processes and associated risks to non-technical business stakeholders. Has a solid understanding of key security frameworks, including NIST CSF, PCI-DSS, SOX, ISO, etc. Candidate will need to develop a deep understanding of the company structure, key stakeholders, products, and policies / standards to facilitate resolution amongst groups with conflicting priorities. Excellent leadership, project management, and presentation skills. Must be able to work independently and efficiently in a remote working environment
- Third Party Risk Management, Presentation, Risk Management
- Tactical: Decisions focus on intermediate-term issues. The purpose of decisions made at this level are to help move CCL closer to reaching strategic goals. Outcomes are predictable. After a decision is made by Top Executive Leadership, the next phase is to take the needed steps to implement it. Examples are: The amount of money required to implement, which advertising agency to promote a new service or to provide an incentive plan to employees to encourage increased revenue. Example: The direction to take the TPRM program. Which process to follow, what automation to use.
- Operational: Decisions focus on day-to-day activities within the company. Decisions made at this level help to ensure that daily activities proceed smoothly and therefore help to move the company toward reaching a strategic goal. They have short term consequences. Examples are: Handling employee conflicts, purchasing materials needed for operations. Examples: Handling escalations and resolving disputes between business owners and security.
- Standard: These decisions are those that are repetitive decisions on a recurring basis and are commonly related to daily activities. They are relatively simple, relying on historical data and previous solutions. Examples are: reordering of standard office supplies, handling transactions. Examples: Daily queue processing and supporting questions.
- Comprehensive medical benefits
- Competitive pay
- 401(k) Retirement plan
- …and much more!
About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients’ business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
Source : INSPYR Solutions