Third Party Cyber Risk Assesor

We are seeking a highly skilled and experienced Third Party Cyber Risk Assessor to join our team, responsible for conducting third-party cyber risk assessments for a global client portfolio. This individual will be critical in evaluating the security posture of third-party vendors, suppliers, and partners to ensure compliance with industry standards, regulations, and internal security policies as well as contracts. The ideal candidate will have a sound understanding of cyber risk management, vendor risk assessments, and an ability to communicate complex risk issues effectively to both technical and non-technical stakeholders.

• Conduct detailed cybersecurity risk assessments (audits) for third-party vendors, including reviewing their information security practices, policies, and controls.

• Assess third-party vendor security risks across multiple domains, including data protection, network security, identity & access management, and incident response.
• Identify, evaluate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
• Perform thorough due diligence on third-party suppliers and partners, identifying potential vulnerabilities and risks that could impact the organization.
• Recommend solutions and alternatives to remediate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
• Independently lead assessment meetings with clients and third parties to evaluate the implementation of cyber controls.
• Collaborate closely with global line management and regional colleagues on delivery, client management and internal and client communications.
• Master client’s proprietary security and contractual standards.
• Apply recognized cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls) in risk assessments and audits.
• Document findings, assessment processes, and recommended actions in a clear, concise, and actionable manner.

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).
• 3-5+ years of experience in cybersecurity, risk management, or IT auditing, with at least 3 years focused on third-party risk assessments or vendor risk management.
• Experience supporting Healthcare clients is required.
• Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, IS27001 and 27002, SOC2, Center for Internet Security (CIS) best practices, PCI-DSS, CSA Cloud Controls Matrix, GDPR, HIPAA, HITRUST, etc.
• Hands-on experience with tools and platforms used for third-party risk assessments, vulnerability scanning, and audit processes
• Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.
• Evidence of supporting clients overcome cybersecurity challenges in a broad array of sectors which may include, but is not limited to: Technology, Financial Services, and Retail.
• A deep understanding of governance, standards, and compliance as they pertain to cyber security. 
• Ability to analyze complex security data and translate findings into industry specific recommendations.

 Preferred Qualifications:

• Certifications: CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor  or other relevant security or risk management certifications.

• Experience working in a global organization and understanding of the challenges involved in managing risks across multiple jurisdictions.
• Project management skills to manage multiple assessments, stakeholders, and deadlines effectively.

• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
• We operate a discretionary bonus scheme that incentivizes, and rewards individuals based on company and individual performance.
• Control Risks supports hybrid working arrangements, wherever possible, that emphasize the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.

Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.

Control Risks participates in the E-Verify program to confirm employment authorization of all newly hired employees. The E-Verify process is completed during new hire onboarding and completion of the Form I-9, Employment Eligibility Verification, at the start of employment. E-Verify is not used as a tool to pre-screen candidates. For more information on E-Verify, please visit www.uscis.gov.