Third Party Risk Management Analyst III
Location: Englewood, CO (5 days a week)
Max Salary: 103K/year
Client has an exciting opportunity for a Third Party Risk Management Analyst at our Headquarters location in Englewood, Colorado. The TPRM Analyst is a key part of our Information Security and Governance, Risk, and Compliance (GRC) teams. This position is full-time, permanent, and salaried with standard work hours, has no supervisory duties, and requires very little travel. We are looking for someone who can start immediately.
The Third Party Risk Management Analyst will function as a central third party risk management subject matter expert supporting enterprise teams looking to involve third parties in processes that interact with company data. They will provide cyber security and third party risk advice to business partners to effectively manage third party risk to the business and will validate that security and technology controls are included in contracts to support business and security requirements.
Primary responsibilities of the Third Party Risk Management Analyst include the following:
- Partner with Business Units to identify, analyze and mitigate third party security risk associated with outsourced activities and products.
- Provide third party security consultation for new and ongoing third party relationships.
- Consult on defining third party security policies and best practices.
- Educate and build awareness of third party security requirements.
- Improve compliance with security standards and policies across third parties used across the enterprise.
- Participate in testing and monitoring of security and privacy controls executed by third parties interacting with company data.
- Lead security enhancement projects focused on new or changing third party relationships.
- Maintain an inventory of third parties who possess and/or interact with company data, including key risk information about the relationship, data attributes involved, and regulatory compliance.
- Support completion of company’s information security review process for all new third parties, and annual reviews for all other relationships, that receive and/or interact with company data.
- Monitor open third party security issues and remediation actions associated with security control gaps to ensure timely closure.
- Continuously work to improve the overall Third Party Risk Management Program.
- Other responsibilities as assigned.
The successful candidate will possess the following qualifications:
- Project Management
- Self-led Learner
- Customer First Mentality
- Strong Adaptability
- Process Documentation Management
- Process Mapping Development
- Presentation Skills
- General Risk Management Foundation
- General Information Security Foundation
- Communication with Executives
- Team Mentorship
- Can Interpret Regulations and Compliance Requirements
- Thought Leadership
- General Security Control Framework Foundation
- Cross-functional Team Leadership
- Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once.
- Must have good meeting management and communication skills to keep conversations focused and productive.
- Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
- Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
- Solid working knowledge of information security concepts and controls.
- Excellent project management skills, with the ability to work within deadlines, juggle multiple priorities, design project plans, and provide project updates.
- Ability to work independently with little direction and/or supervision.
- Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization.
- Keen attention to detail with the ability to correct on the fly and work independently.
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
- Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
- High-level interpersonal skills.
Education and Experience:
- Bachelor’s Degree and at least 3-5 years of directly related experience. Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
- Experience working in Third Party Risk Management preferred.
- Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
- Professional certification (CISA, CSIM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.
- Experience working with contract documents is a big plus – contract administration and management. Negotiation experience not necessary.