Third Party IT Risk Analyst - New York, United States - Randstad Digital Americas

    Description


    The Third Party IT Risk Analyst position will be responsible for performing Third Party IT due diligence assessments in accordance with the client's Third Party Risk Management requirements.

    In addition, this role will include participating in the development and execution of internal process improvement projects.

    This role will provide the right candidate with an opportunity to gain exposure to a variety of business functions and make an impact within a highly visible organization.


    Responsibilities:
    Engage with internal and external stakeholders to understand the context of the product/service.
    Execute kick-off, planning and scoping activities for third party risk assessments.
    Perform risk domain assessments of third parties' control environments against client-specific requirements.

    Review and challenge Third Party completed risk assessment questionnaires as well as other IT security documents such as SOC 2 and independent Pen Test reports.

    Document executive summaries detailing the assessment work completed, evidence reviewed and identified gaps.
    Manage issues or tasks assigned to the Third Parties to closure to reduce the IT risk.
    Educate and build awareness of third-party security requirements.

    Qualifications:
    Bachelor's degree or equivalent work experience; experience in either Information Technology Risk & Control or Risk Management, ideally within the financial services industry
    3-5 years of demonstrated Third Party Risk Assessment experience

    Relevant professional certifications such as:

    Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Security Professional preferred.

    Demonstrate strong subject matter expertise and knowledge of Cloud Technologies, IT operations, cybersecurity operations, and Data Privacy
    Working knowledge of relevant assessment frameworks and/or industry standards
    Familiarity with TPRM industry regulations (e.g., HIPAA, GLBA)
    Independently analyze and evaluate information from various data sources to determine if third party security controls are sufficient.
    Demonstrated experience partnering with cross functional stakeholders.
    Strong, professional written and verbal communication skills, including with senior management.
    Document detailed assessment results clearly
    Strong analytical and organizational skills, including attention to detail
    Able to set priorities and perform tasks within deadlines.
    Highly proficient with Excel, Word and SharePoint
    High-level interpersonal skills
    Extremely responsive and collaborative team-player
    Proven ability to be a self-starter capable of working with minimal supervision.
    Ability to thrive in a fast-moving environment