New York, NY
Pay: $70-75/hr
Duties:
Provides counsel and advice to top management on significant Information Protection matters, often requiring coordination between organizations. Viewed as an expert in a specific aspect of information security. Undertakes complex projects requiring additional specialized technical knowledge. Makes well-thought-out decisions on complex or ambiguous information security issues. Provides architectural oversight and direction for enterprise-wide security technology. Ensures high-level integration of application development with information security policies and strategies. Stays up-to-date on the direction of emerging industry standards. Identifies, evaluates, conducts, schedules and leads technical analysis functions to ensure all applicable IS security requirements are met. Provides technical analysis of requirements necessary for the protection of all information processed, stored, or transmitted by systems. Coordinates with users to determine requirements. Conducts security reviews of external service providers and outsourcing vendors and systems reviews to ensure appropriate security implementation. Focuses on providing thought leadership and technical expertise across multiple disciplines. Recognized internally as “the go-to person” for the most complex Information Protection assignments.
The Information Protection Sr. Advisor within the Third Party Cyber Risk Management (TPCRM) is responsible for providing guidance to the TPCRM program on Cyber Security decisions and consultation that has significant impact on strategic planning and the overall day-to-day third-party outsourcing risk by collaborating within a highly matrixed environment with multiple key stakeholders. This role will work closely with the TPCRM leadership and external/internal entities to solve unique and complex problems related to information protection that have broad impact on the business. The role works with the business and IT to anticipate external/internal outsourcing challenges and/or regulatory issues, and recommends process, technical security design or service improvements. Acts as a lead SME for TPCRM, is a recognized Information Protection expert and thought leader in both the internal and external community, and is responsible for technical leadership for TPCRM outsourcing services.
Skills:
Understand the overall Third-Party landscape and accompanying strategy and provide overall technical guidance to the, acting as conduit between Client Information Protection, Technology and the business
Lead development and implementation of Information Protection technical design, patterns, process and service improvements to business-driven outsourcing initiatives
Perform ongoing vendor cyber security risk assessments to review complex technology and business risks related to vendors' security controls/posture and determine acceptance to company framework of controls
Liaise with key functional teams such as Technology, Legal, Privacy, BCP, Information Protection and relevant business stakeholders to perform third party security reviews on their new and existing vendors and identify risks that require remediation
Perform comprehensive vendor security assessment, identify risk, determine appropriate risk levels, document risk in Archer GRC and recommend remediation or mitigation strategies to the business and/or technology teams
Vendor Governance – partner with vendors hosting or accessing our data at regular frequency to identify changes to security posture, identify non-conformances to agreed-upon controls, and identify current threats to ensure they are taking necessary steps to reduce exposure and risk
Work with business and technology teams to ensure security controls are built into IT functional specifications using leading industry practices and company defined controls
Drive relevant stakeholder participation in evaluation of risk and control effectiveness
Maintain expertise on security trends through training, research, and development in order to mitigate potential security exposure
Develop vendor “personas” that provide a profile of vendor to include but not limited to overview of company, scope of services, statement of work (SOW), etc.