Match score not available

Third party risk manager

Remote: 
Full Remote
Contract: 
Experience: 
Senior (5-10 years)
Work from: 

Offer summary

Qualifications:

Bachelor's degree in Information Security, Risk Management, Business Administration or related field; relevant certifications preferred., 5+ years experience in third-party risk management, information security, or compliance roles., Deep understanding of information security principles, standards, best practices, regulatory requirements and frameworks., Experience in conducting risk assessments, vendor audits, compliance reviews, with strong analytical skills..

Key responsabilities:

  • Develop and implement comprehensive third-party risk management framework.
  • Conduct risk assessments, maintain relationships with vendors, ensure compliance.
  • Evaluate and monitor contracts, implement remediation plans, stay updated on threats.
  • Provide regular reporting to senior management and stakeholders. Participate in due diligence activities.
  • Serve as a subject matter expert, provide guidance and support to internal teams.
Enfosec logo
Enfosec Startup
11 - 50 Employees
See more Enfosec offers

Job description

Hiring Third Party Risk Manager for a leading FTSE 250 company, position is Remote.

Job Description:

The Third-Party Risk Manager will be responsible for overseeing the company's third-party risk management program, with a primary focus on information security and compliance. Reporting to the Head of Third Party Risk the successful candidate will collaborate with various stakeholders across the organization to identify, assess, and mitigate risks associated with third-party vendors, suppliers, and partners. This role requires a deep understanding of information security principles, regulatory requirements, and best practices in third-party risk management.

Key Responsibilities:

  1. Develop and implement a comprehensive third-party risk management framework aligned with industry standards, regulatory requirements, and organizational objectives.
  2. Conduct thorough risk assessments of third-party vendors and suppliers to evaluate their security posture, compliance with applicable regulations, and overall risk exposure.
  3. Establish and maintain effective relationships with third-party vendors, including conducting regular meetings and communications to discuss security requirements, performance expectations, and risk mitigation strategies.
  4. Collaborate with internal stakeholders, including legal, procurement, IT, and compliance teams, to ensure alignment and consistency in third-party risk management processes and procedures.
  5. Evaluate and monitor third-party contracts, service level agreements (SLAs), and other agreements to ensure compliance with security and privacy requirements, including data protection regulations (e.g., GDPR, CCPA).
  6. Develop and implement remediation plans to address identified risks and deficiencies in third-party relationships, working closely with vendors to implement corrective actions and improvements.
  7. Stay abreast of emerging threats, vulnerabilities, and regulatory changes impacting third-party risk management and information security, and proactively adjust risk management strategies and controls accordingly.
  8. Provide regular reporting and updates to senior management and stakeholders on the status of third-party risk management activities, including key risk indicators (KRIs), trends, and areas of concern.
  9. Participate in vendor due diligence activities, including assessing the security and compliance posture of prospective vendors and conducting on-site audits or assessments as needed.
  10. Serve as a subject matter expert on third-party risk management and information security, providing guidance and support to internal teams and stakeholders as needed.

Qualifications:

  • Bachelor's degree in Information Security, Risk Management, Business Administration, or related field; relevant certifications (e.g., CISSP, CISM, CRISC) preferred.
  • Proven experience (5+ years) working in third-party risk management, information security, or compliance roles, preferably in a regulated industry.
  • Deep understanding of information security principles, standards, and best practices, including ISO 27001, NIST Cybersecurity Framework, and PCI DSS.
  • Strong knowledge of regulatory requirements and frameworks related to third-party risk management and data protection, such as GDPR, CCPA, HIPAA, and SOC 2.
  • Experience conducting risk assessments, vendor audits, and compliance reviews, with strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.
  • Proven ability to work independently and collaboratively in a cross-functional team environment, managing multiple priorities and deadlines effectively.
  • Demonstrated leadership skills and the ability to influence and drive change within the organization.
  • High level of integrity, professionalism, and ethical conduct, with a commitment to upholding confidentiality and privacy principles.

Join our team and play a vital role in protecting our organization from third-party risks while maintaining the highest standards of information security and compliance. If you're a proactive and results-driven professional with a passion for risk management and security, we want to hear from you. Apply now to be part of our dynamic and innovative team.

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s):
English
Check out the description to know which languages are mandatory.

Other Skills

  • Teamwork
  • Communication
  • Leadership
  • Social Skills

Risk Manager Related jobs