Senior Risk Security Engineer
Posted on Mar 12, 2019 by Request Technology - Craig Johnson
Prestigious Enterprise Company is currently seeking a Senior Risk Security Engineer with strong Third Party Risk experience. Candidate will be responsible for assessing, overseeing and facilitating cyber risk activities.
- Assisting Businesses and coordinating with Procurement risk teams to facilitate risk identification and assessment for Third Party products/services during the on-boarding process.
- Project manage and execute on-going risk assurance activities including re-completion of Cyber Assurance activities and oversight of Businesses to ensure continued compliance.
- Project manage the enterprise service, requirements, procedures, technology, tools and templates.
- Providing stakeholder guidance throughout the life cycle (Third Party Evaluation: Pre-Contract and Third Party Assurance: Post Contract) as well as facilitating escalations regarding identified third party related exceptions or events.
- Work with Business Owners to ensure that third parties are classified based on the inherent and residual cyber risks for the products/services.
- Execute cyber assurance activities on behalf of the business and ensure coordination of efforts in a timely manner. This includes, but is not limited to, leveraging external security reports, performing remote or on-site deep dive security control evaluation and independent report evaluation.
- Project manage completion of Business on-going risk management activities and report on instances of non-compliance or other areas of concern.
- Identify and facilitate exception escalation processes to ensure appropriate stakeholders and executives across the enterprise are involved based on defined risk thresholds.
- Actively monitor the exception management activities performed by the Business to ensure timely remediation or acceptance of identified exceptions.
- Serve as the subject matter specialist in the development of exception remediation plans as well as the review of completion evidence and exception closure.
- Generate key risk metrics, reporting and dashboards, then deliver to applicable stakeholders and leadership on a regular basis.
- Ensure businesses and stakeholders receive training regarding third party risk capabilities, procedures and requirements.
- Perform Quality Control (QC) and Quality Assurance (QA) on activities completed throughout the life cycle.
- Oversight of third party data integrity and source of truth management.
- Management and administration of procedures, tools and corresponding support materials.
- Bachelor's Degree or equivalent work experience
- 3+ years of experience in Third Party Risk Assurance or audit required (remote or on-site)
- Deep knowledge of cyber security principles and best practices (industry certifications preferred)
- Audit background, including familiarity with SOC I (SSAE16) and SOC II, ISO 27001, etc. preferred
- Detail-oriented with strong organizational skills
- Ability to independently manage and prioritize workload