Information Security Third Party Risk Management
Job Overview
Job title: Information Security Third Party Risk Management
Job description: Information Security Third Party Risk Management (TPRM) Lead
Long term contract
Banking industry
Must be able to be in the Montreal office 2 times a week
Resume and Information: phil.ross@randstad.ca
Missions
Strategies and delivery of action plans ensuring conformity with third party risk management compliance requirements (e.g. regulator, auditor, policy, etc.) and industry best practices …
Development of strong partnerships with business and support line stakeholders for collaboration on defining strategy, effective execution of vendor security assessments and proactive adoption of information security behaviors
Assembly, monitoring, and reporting on vendor security metrics to ensure transparency, compliance, and steering of the perimeter
Key operational controls:
Evaluate vendor compliance with Société Générale cloud security standards
Perform Information Security risk assessments for new vendors and critical vendors
Interpret, identify, and mitigate critical risk factors in a timely manner
Maintain and monitor due diligence tasks for third-party vendors
Review vendor due diligence materials (i.e., SSAE 18 reports), identify potential issues, and follow up for unresolved issues
Track, measure, report, and evaluate vendor performance
Perform information risk assessments for new vendors and critical vendors
Interpret, identify, and mitigate critical risk factors in a timely manner
Assist Department Heads and Managers with vendor selection process through information security risk review, completion of due diligence tasks and risk assessments
Troubleshoot vendor problems and present to management as required
Provide status reports to senior management, auditors, and regulators
Research on industry/regulatory and cyber security issues
Up to date and continuing education of compliance related issues and value-added training
Perform ad hoc analyses and participate in special projects as needed by management
Profile
8+ years’ demonstrable experience in Information Security Vendor Risk Management
Proficient with at least one GRC tool (highly recommended)
Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) preferred
Requires strong analytical skills, problem solving skills, and project/program management skills
Solid training in computer disciplines such as application and data security, cloud security, computer technology or software disciplines
Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s
Ability to commit to deliver tasks in a timely and effective manner
Ability to work in a team environment
Ability to take responsibility for all actions performed on an individual basis
Proven ability to manage issues through to resolution
Solid understanding of the banking industry’s regulatory requirements for the managing of third parties (e.g., FFIEC)
Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management
Hands-on knowledge of Information Security
Proven track record of participating in Vendor Risk Management Programs
Prior experience interfacing with external counterparties
Excellent written and verbal communication skills
Proven ability to manage issues through to resolution; skilled at making sound decisions
Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times
Excellent communication skills
EDUCATION/CERTIFICATIONS
Bachelor’s degree or equivalent business experience in Computer Science, Business Management, or MS required
Certified training in security management, risk and compliance solutions and practices
CISSP, CCSP, CCSK, CISA, CISM, GSEC, CRISC, or related certification(s) required
Advantages
Long term contract, 40 hours a week, large banking environment, Montreal based. Lots of opportunities to evolve within the organization
Randstad Canada is committed to building a diverse workforce reflective of the diversity of Canada. As a result, we promote employment equity and encourage candidates, especially those who identify as a woman, an Aboriginal person, a person with a disability or a member of a visible minority group, and any others who may contribute to the diversification of our workforce, to apply.
Randstad Canada is also committed to developing inclusive, barrier-free selection processes and work environments. If contacted in relation to a job opportunity, you should advise your Randstad Representative or your local Randstad branch in a timely fashion of the accommodation measures which must be taken to enable you to be assessed in a fair and equitable manner. Information received relating to accommodation measures will be addressed confidentially.
For all feedback on equity and accommodation needs, please contact your local Randstad Canada Branch.
Company: Randstad
Expected salary:
Location: Montreal, QC
Job date: Thu, 14 Oct 2021 07:31:14 GMT
Job Source: Careerjet.ca