Third Party Risk Management Assessor/Analyst - 100% remote (EST/CST only)
Optomi, in partnership with an IT company focused on the sustainability sector and innovation space, is looking to add 2 third party risk assessors to their team! The Third Party Risk Management Assessor will play an integral role in identifying, evaluating, and reporting on cybersecurity risks associated with suppliers and other key third parties. This will allow the client to manage identified risks and meet regulatory and compliance requirements. The ideal candidate for this role has both the technical expertise and communication skills to influence and seamlessly collaborate across multiple stakeholder groups.
This position will convert or extend after 6 months based on the candidate.
Required Qualifications:
- Bachelor’s degree and/or a minimum of 5+ years of equivalent experience in Cybersecurity, IT Audit/Governance/Risk/Compliance, or similar role
- Solid technical understanding of cybersecurity concepts, standards, guidelines and principles, particularly with regard to cloud providers and Software as a Service (SaaS)
- Familiarity with regulatory frameworks and controls such as ISO 27001, NIST-CSF and/or 800-53; SSAE 18/SOC2
- Strong critical thinking and analytical skills with the ability to apply technical requirements to operational/business controls and requirements
- At least one of the following certifications preferred: CISM, CISSP, CISA, CRISC
Responsibilities:
- Conduct cybersecurity risk assessments of suppliers
- Review of inherent risk profiles
- Review of detailed security assessments and evidence
- Generation of assessment reports focused on key risks and control health
- Document and report on identified supplier risks associated with business, products, systems and information assets
- Work closely with key stakeholders to identify adequate risk reduction measures where required, and collaborate with technical SMEs as needed
- Coordinate with internal stakeholders on assessment results and mitigation strategies