* Most of Client's vendor risk assessments are done remotely (request vendor documents) versus going to the vendor's site
* Articulate in verbal and written communication
* Ability to convey technical concepts in "layman" terms
* Confident to make independent decisions
* Willingness and desire to accept other viewpoints
* Collaborate with other individuals to complete a common goal
Required skills:
* Strong and deep information security risk identification (includes Cloud services), assessment, and risk ranking experience
* Basic understanding of the risk management concepts of Inherent and Residual risk
Working experience with the following documents used in a risk assessment:
* SIG (Standardized Information Gathering) questionnaire
* Penetration test
* Vulnerability test
* SOC (Service Organization Control) 1 and 2, Type 2
Experience with the following standards:
* ISO 27001 and 27002
* NIST relevant to information technology/security/cloud
* Cloud Security Alliance control matrix
* Shared Assessments' SCA (Standardized Control Assessment) control assessment guidelines
Experience in assessing the following risks:
* Privacy of information
* Information technology disaster recovery
* 4th party (subcontractor)
* Concentration
* Critical services
Nice to have:
* Financial services third-party risk management experience
* Familiar with the Office of the Comptroller's 2013 Third-party risk management lifecycle guidance
Years Experience: 4+ Years