Third Party Risk Security Engineer

Posted on Apr 17, 2019 by Request Technology - Anthony Honquest

Oakland, CA 94601
Information Technology
Immediate Start
$120k - $140k Annual
Full-Time

Third Party Risk Security Engineer
Oakland, CA
$120-140K +bonus

The Third Party Risk Security Engineer will be responsible for assessing, overseeing and facilitating cyber risk activities, including:

Assisting Businesses and coordinating with Procurement risk teams to facilitate risk identification and assessment for Third Party products/services during the on-boarding process (Third Party Evaluation).

Project manage and executing on-going risk assurance activities including re-completion of Cyber Assurance activities and oversight of Businesses to ensure continued compliance with TPRA requirements.

Project manage the enterprise TPRA service, requirements, procedures, technology, tools and templates.

Providing stakeholder guidance throughout the TPRA life cycle (Third Party Evaluation: Pre-Contract and Third Party Assurance: Post Contract) as well as facilitating escalations regarding identified third party related exceptions or events.

The Security Engineer 3 will be responsible for assessing, overseeing and facilitating cyber risk activities, including:

Assisting Businesses and coordinating with Procurement risk teams to facilitate risk identification and assessment for Third Party products/services during the on-boarding process (Third Party Evaluation).

Project manage and executing on-going risk assurance activities including re-completion of Cyber Assurance activities and oversight of Businesses to ensure continued compliance with TPRA requirements.

Project manage the enterprise TPRA service, requirements, procedures, technology, tools and templates.

Providing stakeholder guidance throughout the TPRA life cycle (Third Party Evaluation: Pre-Contract and Third Party Assurance: Post Contract) as well as facilitating escalations regarding identified third party related exceptions or events.

How you will make an impact:

  • Work with Business Owners to ensure that third parties are classified based on the inherent and residual cyber risks for the products/services provided to Company.
  • Execute cyber assurance activities on behalf of the business and ensure coordination of efforts in a timely manner. This includes, but is not limited to leveraging external security reports, performing remote or on-site deep dive security control evaluation and independent report evaluation.
  • Project manage completion of Business on-going risk management activities and report on instances of non-compliance or other areas of concern.
  • Identify and facilitate exception escalation processes to ensure appropriate stakeholders and executives across the enterprise are involved based on defined risk thresholds.
  • Actively monitor the exception management activities performed by the Business to ensure timely remediation or acceptance of identified exceptions.
  • Serve as the subject matter specialist in the development of exception remediation plans as well as the review of completion evidence and exception closure.
  • Generate key risk metrics, reporting and dashboards, then deliver to applicable to stakeholders and Company leadership on a regular basis.
  • Ensure businesses and TPRA stakeholders receive training regarding Company's TPRA capabilities, procedures and requirements.
  • Perform Quality Control (QC) and Quality Assurance (QA) on TPRA activities completed throughout the life cycle.
  • Oversight of third party data integrity and source of truth management within the TPRA Tool.
  • Management and administration of TPRA procedures, tools and corresponding support materials.

What we're looking for:

  • Bachelor's Degree or equivalent work experience
  • 3-5 years of experience in Third Party Risk Assurance or audit required (remote or on-site)
  • Deep knowledge of cyber security principles and best practices (industry certifications preferred)
  • Audit background, including familiarity with SOC I (SSAE16) and SOC II, ISO 27001, etc. preferred
  • Detail-oriented with strong organizational skills
  • Ability to independently manage and prioritize work load
  • Good judgment and analytical skills
  • Excellent oral and written communication skills
  • Knowledge of insurance industry preferred
  • Third Party Risk Assurance service design and execution experience preferred

Reference: 694506811

Similar Jobs

Security Engineer - Third Party Risk

Oakland, CA

Request Technology - Robyn Honquest

Third Party Risk Engineer

Oakland, CA

Request Technology - Kyle Honn

Security Engineer Risk

Oakland, CA

Request Technology

Senior Risk Security Engineer

Oakland, CA

Request Technology - Craig Johnson