Third Party Risk Consultant overseeing cyber security due diligence for new and existing suppliers. Collaborating with teams to communicate findings and manage third-party risks.
Responsibilities
Perform cyber security due diligence of new suppliers and ongoing due diligence for existing supplier relationships.
Hold and drive internal and external discussions with business partners regarding third-party cyber security requirements.
Communicate results and findings of third-party assessments in a clear and professional manner with all levels of the organization, in addition to external business partners.
Evaluate third-party threats, vulnerabilities, and control weaknesses to determine applicability and significance, and recommend mitigation.
Work with the cyber team lead to understand the control requirements to enforce and to determine the cyber security risks of third parties.
Monitor for third-party cyber incidents and manage responses and mitigations when they occur.
Requirements
Ability to read, understand, and perform due diligence of vendors by analyzing and reviewing the cyber security controls and documentation they provide, such as SOC 2 reports, written information security programs, industry certifications, and network penetration testing results.
Experience with vulnerability management and incident management.
Demonstrated experience as a trusted advisor and partner.
Excellent analytical and problem-solving skills, including ability to create and adapt to unconventional controls.
Broad understanding of cyber security practices for third-party risks, including software, cloud, and SaaS.
Experience with the review of cyber security contractual agreements and amendments, applying risk-driven techniques.
Familiarity with managing your workload using a Jira Kanban board.
Software security lifecycle and vulnerability management experience including familiarity with threat modeling, static code analysis, dynamic scanning, and penetration testing.
Strong communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise business terms.
Strong project management skills with the ability to manage multiple priorities.
Proficiency working with industry-known GRC tools.