* Most of the client's vendor risk assessments are done remotely (request vendor documents) versus going to the vendor's site
* Articulate in verbal and written communication
* Ability to convey technical concepts in "layman" terms
* Confident to make independent decisions
* Willingness and desire to accept other viewpoints
* Collaborate with other individuals to complete a common goal
Required skills:
* Strong and deep information security risk identification (includes Cloud services), assessment, and risk ranking experience
* Basic understanding of the risk management concepts of Inherent and Residual risk
Working experience with the following documents used in a risk assessment:
* SIG (Standardized Information Gathering) questionnaire
* Penetration test
* Vulnerability test
* SOC (Service Organization Control) 1 and 2, Type 2
Experience with the following standards:
* ISO 27001 and 27002
* NIST relevant to information technology/security/cloud
* Cloud Security Alliance control matrix
* Shared Assessments' SCA (Standardized Control Assessment) control assessment guidelines
Experience in assessing the following risks:
* Privacy of information
* Information technology disaster recovery
* 4th party (subcontractor)
* Concentration
* Critical services
Nice to have:
* Financial services third-party risk management experience
* Familiar with the Office of the Comptroller's 2013 Third-party risk management lifecycle guidance
Education Level:
* Bachelor Degree
* Years Experience: 4+ Years
As an equal opportunity employer, ICONMA prides itself on creating an employment environment that
supports and encourages the abilities of all persons regardless of race, color, gender, age, sexual
orientation, citizenship, or disability.