AI Security Architect focusing on AI security and governance for Voya Financial's applications and projects. Leading initiatives in artificial intelligence and securing innovative technology solutions.
SL
Hybrid Senior Analyst, Third-Party Security
Posted 23 minutes ago
About the role
- Senior Analyst for Third-Party Security at a leading law firm. Responsible for program execution and risk assessment regarding vendors and service providers.
Responsibilities
- Conduct information security due diligence including secure by design reviews, during vendor onboarding, at renewal, and periodic review cycles.
- Apply a risk-based approach to third party security assessments, including documenting compensating controls and risks acceptances where appropriate.
- Evaluate third-party architectures, including network connectivity (VPN, reverse proxy), data flows, encryption models, and access controls.
- Assess risks related to cloud environments (AWS/Azure/GCP), SaaS platforms, and API integrations.
- Analyze external risk intelligence sources (e.g., BitSight, SecurityScorecard) and correlate with internal findings.
- Review and challenge secure design, identity/access models (SSO, OAuth, SCIM), and data protection mechanisms.
- Enhance and maintain a comprehensive vendor inventory, including vendor profiling and inherent risk determination.
- Enhance and maintain a third-party risk register and track mitigation efforts for identified security risks.
- Develop and implement strategies to mitigate identified risks, working closely with third parties and internal stakeholders to address security gaps.
- Support a continuous monitoring program to assess third-party security posture and follow up on identified vulnerabilities and security risks.
- Partner with general counsel and vendor management to incorporate information security requirements into third-party contracts.
- Work with internal security teams to investigate and respond to third-party related security incidents.
- Support and enhance escalation procedures and remediation requirements related to third-party security breaches.
- Prepare and present third-party risk metrics, dashboards, trends, and highlighted risks to senior management and IT leadership.
- Contribute to the continuous improvement and scalability of the Firm’s third-party security risk management program.
- Partner with the Third Party Security Senior Manager to build and enhance strategic objectives of the program.
Requirements
- Bachelor’s degree or related experience required
- 10+ years of progressive experience in information security, third-party risk management, IT risk, or cybersecurity assurance, with at least 3 years focused on third party risk management.
- Strong understanding of information security controls and frameworks (ISO 27001/27002, NIST CSF, CIS Controls, etc.)
- Proficient understanding of third-party security domains, including data protection, access controls, incident response and cloud security.
- Proven ability to perform third-party security risk assessments by reviewing security questionnaires, audit reports, policies and penetration test results to identify control gaps, formulate follow-up inquiries, and document remediation requirements.
- Deep knowledge of technology supplier ecosystems (software, cloud, IT labor, and infrastructure) and associated risk dynamics.
- Experience producing clear risk summaries, remediation recommendations, and executive level reporting
- Familiarity with information security and data protections requirements in third party contracts.
- Excellent communication skills: clear, structured, and persuasive with the ability to educate and inspire teams around risk and performance ownership.
- Proven ability to influence stakeholders without direct authority.
- Ability to work independently and collaboratively in a team environment
- Demonstrated ability to handle sensitive and/or confidential material and information with suitable discretion.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Application Architecture Engineer responsible for defining software architecture frameworks and leading implementation teams. Driving innovation in developing robust and scalable applications at Schneider Electric.
Security Officer managing safety and security at Cromwell Hospital and Canary Wharf locations. Responding to security requests and maintaining logs while ensuring compliance with safety regulations.
Behavioral Health & Security Associate in Peoria providing care and oversight for patients with behavioral health needs. Ensuring a safe environment and effective support for patients and staff.
AI Security Engineer at Prologis focused on securing AI integrations and developing AI security controls. Collaborating with engineering and business teams to promote secure AI practices.
Project Coordinator managing security projects at The Missing Link, ensuring client satisfaction and project deliverables. Coordinating teams and maintaining timelines for project success in the IT field.
Information Security Specialist ensuring optimal protection of data and systems at University of Toronto. Implementing security platforms and best practices for data integrity and threat mitigation.
Loss Prevention Agent responsible for security and loss prevention in logistics facilities. Ensuring safety and protection of property, clients, employees, and guests within the workspace.
Analyst Relations Manager shaping market understanding of Upwind's innovative cloud and AI security platform. Leading relationships with industry analysts to enhance visibility, credibility, and category leadership.
Sr Network Security Engineer designing security architectures and leading security initiatives for RBC. Collaborating across teams to deliver multi - layered security solutions and mentoring team members in engineering best practices.