Job Description:
Support key program objectives to ensure TPRM s critical 2024 goals are accomplished in alignment with organizational expectations.
Provide advisory services to evaluate, recommend, design, and implement third-party risk management solutions and process improvements.
Collaborate with internal FRS teams to drive vendor due diligence activities, inclusive of identifying and assessing risks and mitigating controls.
Develop knowledge of vendor services and obligations provided by National IT s vendors and business owners
reliance upon those services.
Use knowledge to identify requirements, develop, monitor, and support the execution of third-party remediation actions and mitigation and contingency plans, as warranted, when risks or risk events are identified.
Conduct risk assessments and develop mitigation plans, work closely with vendor managers and business stakeholders on the finalization of mitigation plans and execution against continuous monitoring and control plans.
Assess the effectiveness of control and mitigation plans, advising National IT stakeholders on any required control enhancements for third-party risks.
Review and interpret results of vendor audit reports and attestations (such as SOC2 reports); identify deficiencies and areas for remediation; advise appropriate stakeholders on findings; incorporate into overall vendor risk assessment and mitigation plans.
Review data and assist in advising stakeholders and others on best practices and how to implement the necessary changes to address third-party risks.
Build communication and escalation plans related to third-party risk management activities across National IT.
Provide strategic support to business owners, stakeholders, and leaders.
Assist with process improvement and discussions related to third-party risk management solutions.
Qualifications:
Bachelor's Degree or equivalent experience.
3 to 5+ years of experience in managing risk and compliance issues, or similar experience managing applications, projects, or systems that require identification, evaluation, and remediation of risk.
Enhanced knowledge pertaining to concepts and principles related to third-party risk management.
Experience with compliance and security audits, and risk mitigation plans.
Experience developing and completing vendor risk assessments for enterprise-level vendor relationships.
Understanding of various risk and security certifications and attestations (SOC2, ISO 27001, etc).
Familiarity with third party risk and governance concepts.
Proficient understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits.
Ability to tailor communications to their appropriate audience and present information in a credible, confident, and influential manner. Communicate in a concise, direct and purposeful way.
#monsterit
#J-18808-Ljbffr
