Senior Manager - Third Party Risk Management - Auditing & Consulting Firm

- Advance the information security third-party risk management framework and develop risk appetite.
- Develop effective strategies for addressing high-risk suppliers.
- Oversee and perform security risk assessments, business impact analyses, and security control evaluations across third-party vendors in One Trust.

- Prepare risk register in One Trust to monitor and track risks.
- Provide supply chain security assessment remediation oversight and facilitate development of CUECs to document shared responsibility model.
- Perform client MSA security terms and conditions review and provide feedback to legal team.
- Ensure compliance with relevant firm security policies.
Skills Required
Experience with information security risk management framework, assessment, audit and controls based on industry standard frameworks (i.e., NIST; ISO; COSO; Hit rust, FAIR)
- Experience with regulatory requirements (i.e., PCI; GDPR; HIPPA; Privacy; CCPA; etc.)
- Experience using GRC tools and technologies in support of the assessment/audit process (One Trust, Security Scorecard, BitSight, etc.)
- Experience gathering information from a range of different sources to help identify weaknesses in security controls.
- Expert with security control design, development, implementation, and monitoring
- Demonstrated experience across multiple information security domains preferred.