Security Assessment Consultant - 3rd Party Suppliers

Company: Pinnacle Technical Resources Inc
Location: Plano
Posted on: June 7, 2021

Job Description:

Job Description:

• The Client Cyber Risk Management Team is looking for a passionate and highly-motivated Vendor Information Security person.
• The Cyber Risk Management team is part of the Information Security team responsible for protecting Client information assets from unauthorized disclosure, accidental or intentional loss of data, and modification.
• This group works to proactively identify existing and emerging risks and threats, and implement strategies and mitigations for them.
• This role specifically aids in that objective by working within the Cyber Risk and Third Party Cyber Risk Management team to drive vendor and supplier security assurance throughout the phases of the supplier lifecycle to ensure vendors comply with Client's security policies and standards and that the supplier related security risks are identified and managed.
• This role interacts with many different business groups inside and outside of the company as well as with individuals at varying levels within Client organization and Client supplier organizations.
• This position is primarily responsible for performing contract reviews to ensure contracts have Security System requirements and Data handling requirements and provide guidance on security requirements, this position will work with Legal, Privacy, Vendor Management, procurement groups and business units.
• Secondary this person may be involved in all phases of the vendor security risk process, including assessments of supplier security posture, validation of supplier provided assessments (e.g., SOC2), documentation of review and findings, engagement of relevant groups to discuss and resolve findings, aiding the development of reasonable remediation plans, performing qualitative and quantitative risk analysis and preparing reports in understandable terms for senior leadership and involved individuals.

Candidates will be doing:

• Perform review of contracts and addendums for security requirements.
• Assisting with the negotiation of supplier contracts with respect to security requirements and articulating risk to supplier and business managers when suppliers are not agreeing to security terms.
• Provide guidance to the business relationship managers to ensure their understanding, support and acceptance of the risks involved in doing business with each supplier.
• Work with internal and external teams around security and supplier relationships.
• Assist with Risk and Vendor Security program initiatives working closely with the Information Security team and other business areas
• Understand the role of the security department and how it contributes to the overall goals and business strategy of the Company.

Candidates may be doing:

• Perform all aspects of the security and risk assessment of suppliers and vendors through complex qualitative and quantitative review of risk indicators, threats, and assets
• Evaluate suppliers' security practices and provided documentation to identify the security posture and capability to securely manage Client information and assets
• Identify control gaps and vulnerabilities with suppliers and work with leadership and suppliers to address security concerns and remediation in a timely manner
• Document assessment results distilling complex analysis into a clear and understandable manner for supplier and business leadership audiences
• Verify remediation has been adequately implemented before closing open supplier security findings
• Conduct analysis and assessment of information security processes and system controls against corporate, regulatory, and internal information security compliance standards
• Provide guidance to information security functional teams with implementing, monitoring, and reporting of control processes, documentation, and compliance measures
• Identify internal control gaps, vulnerabilities and work with leadership to address security concerns and remediation in a timely manner
• Document assessment results distilling complex analysis into a clear and understandable manner for leadership audiences

Candidates bring:

• Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, and security technologies.
• Strong knowledge of information security fundamentals, best practices, and industry standards with prior responsibilities of protecting information assets from unauthorized disclosure, accidental or intentional loss of data, and modification.
• Detailed knowledge and experience in security and regulatory frameworks including ISO 27001, NIST 800-53, FFIEC and other control standards.
• Excellent verbal and written communication skills required
• Excellent interpersonal skills required
• Excellent documentation and organizational skills required
• Bonus if candidates have:
• Knowledge of multiple security areas such as: Legal, security architecture, identity management or governance, incident response, security risk, and audit or compliance functions.
• Strong experience working within large enterprise environments and information security systems.
• CISSP and/or CISM security certification
• Other cyber risk and/or security industry certifications and training

#LI-MG1

Keywords: Pinnacle Technical Resources Inc, Plano , Security Assessment Consultant - 3rd Party Suppliers, Other , Plano, Texas