Responsibilities:
- Conducts inherent risk assessments with internal stakeholders.
- Conducts technical security assessments of services with existing and new third parties.
- Creates, reviews, and contends contractual security details for third parties.
- Categorizes third parties for risk tiering and risk ratings based on assessments.
- Creates documentation of interactions with third parties.
- Collects metrics and creates technical reports and metrics for management.
Requirements:
- A willingness to learn information security and third-party review processes.
- Experience working with information security, vendor contracts, procurement, and legal a plus.
- IT functional knowledge across many areas including on-premises and cloud-based architectures, applications and tool sets, vulnerability testing, encryption, SDLC principles, and security best practices a plus.
- Background in a related field of study (including any of the following but not limited to): Information Systems, Software Engineering, or Information Security.
- Certifications in a related field are a plus (including any of the following but not limited to): CCSK, CTPRP, CCSP, CISSP.
- Must be a self-starter, capable of working with minimal direction.
- Strong skills in written and verbal communications.
- Problem solving, critical thinking, and logical structuring skills.