Conduct ongoing third party security assessments to validate
appropriate controls are in place. and manage, monitor and track third
Document and communicate with business and IT regarding security
risks and deficiencies.
Provide Information Security consulting and subject matter expertise
on third party service contracts and/or Sourcing arrangements.
Assess the adequacy of a vendor's security program to safeguard
client data, and ensure proper evidence is gathered to facilitate
timely closure of remediation plans.
Focus on developing and improving security processes, assisting in
metrics development, both within the technology and business
Serve as advisors to the business by ensuring an ongoing awareness
of identified risks.
Utilize expertise to identify evolving security threats and provide
in-depth understanding of "if, how, and when" they should be addressed.
Evaluate and assess supplier criticality and review changes in scale
and scope of services contracted with supplier for material impact.
BA or BS degree, preferably in Computer Science, Business or
equivalent work experience.
Previous experience with AWS and Azure and third party use of Cloud
technology and services.
Previous experience with SOC 1, SOC 2, HITRUST, etc.
Previous experience with the NIST RMF
Previous experience and knowledge of qualitative or quantitative
risk analysis and modeling.
Demonstrated ability to elicit, document, analyze and verify
3+ years of experience with Cyber security.
Strong written documentation skills and technical writing are