Senior Risk Security Engineer

Prestigious Enterprise Company is currently seeking a Senior Risk Security Engineer with strong Third Party Risk experience. The candidate will be responsible for assessing, overseeing and facilitating cyber risk activities.

Responsibilities:

  • Assisting Businesses and coordinating with Procurement risk teams to facilitate risk identification and assessment for Third Party products/services during the on-boarding process.
  • Project manage and execute on-going risk assurance activities including re-completion of Cyber Assurance activities and oversight of Businesses to ensure continued compliance.
  • Project manage the enterprise service, requirements, procedures, technology, tools and templates.
  • Providing stakeholder guidance throughout the life cycle (Third Party Evaluation: Pre-Contract and Third Party Assurance: Post Contract) as well as facilitating escalations regarding identified third party related exceptions or events.
  • Work with Business Owners to ensure that third parties are classified based on the inherent and residual cyber risks for the products/services.
  • Execute cyber assurance activities on behalf of the business and ensure coordination of efforts in a timely manner. This includes, but is not limited to, leveraging external security reports, performing remote or on-site deep dive security control evaluation and independent report evaluation.
  • Project manage completion of Business on-going risk management activities and report on instances of non-compliance or other areas of concern.
  • Identify and facilitate exception escalation processes to ensure appropriate stakeholders and executives across the enterprise are involved based on defined risk thresholds.
  • Actively monitor the exception management activities performed by the Business to ensure timely remediation or acceptance of identified exceptions.
  • Serve as the subject matter specialist in the development of exception remediation plans as well as the review of completion evidence and exception closure.
  • Generate key risk metrics, reporting and dashboards, then deliver to applicable stakeholders and leadership on a regular basis.
  • Ensure businesses and stakeholders receive training regarding third party risk capabilities, procedures and requirements.
  • Perform Quality Control (QC) and Quality Assurance (QA) on activities completed throughout the life cycle.
  • Oversight of third party data integrity and source of truth management.
  • Management and administration of procedures, tools and corresponding support materials.

Qualifications:

  • Bachelor's Degree or equivalent work experience
  • 3+ years of experience in Third Party Risk Assurance or audit required (remote or on-site)
  • Deep knowledge of cyber security principles and best practices (industry certifications preferred)
  • Audit background, including familiarity with SOC I (SSAE16) and SOC II, ISO 27001, etc. preferred
  • Detail-oriented with strong organizational skills
  • Ability to independently manage and prioritize workload