Third Party Risk Assessment and Mitigation and NIST and Security at Remote, Remote, USA
From: vishnu priyanka, fluxtek solutions [email protected]
Reply to: [email protected]

Role: Third Party Risk Assessment and Mitigation/NIST/Security
Position: Hybrid/Commack/NYC/Remote
Duration: 1 year+
Contract status: C-C preferred or W2 + Referral.
Interview Required: Video
Candidate Visas Accepted: No Opt.

THE MANAGER INFORMED US THAT THE PREFERRED LOCATIONS FOR THIS ROLE ARE COMMACK OR NYC, OR THEY WILL CONSIDER 100% REMOTE FOR VERY STRONG CANDIDATES. THEY NEED TALENT FAST!!

We need: A senior Project Manager or Business Analyst with extensive experience working with Third Party Security and NIST. Responsibilities include: conduct comprehensive third-party risk assessments to identify potential cyber threats, develop and implement risk mitigation strategies to address identified vulnerabilities, and monitor third-party compliance with cybersecurity policies and standards.

THIS CAN BE A PROJECT MANAGER OR BUSINESS ANALYST OR EVEN A RISK ASSESSMENT SPECIALIST. THE BIG THING IS EXTENSIVE EXPERIENCE IN THIRD PARTY SECURITY/NIST.

PLEASE, PLEASE GOOGLE THE DISTANCE FROM YOUR CANDIDATE'S DRIVER'S LICENSE TO COMMACK, LONG ISLAND BEFORE SENDING. CANDIDATES NEED TO BE WITHIN A ONE HOUR COMMUTE, AND NOT ALL OF NY AND NJ ARE COMMUTABLE TO COMMACK.

1. How many years working with: Third Party security assessment
2. How many years working with: NIST
3. How many years working with: Develop and implement risk mitigation strategies to address identified vulnerabilities

Job Description:

Please send candidates who meet or exceed the below experience:

Experience

1. Risk Assessment and Mitigation:
- Conduct comprehensive third-party risk assessments to identify potential cyber threats.
- Develop and implement risk mitigation strategies to address identified vulnerabilities.
- Monitor third-party compliance with cybersecurity policies and standards.

2. Policy Development and Implementation:
- Establish and enforce policies and procedures for third-party cyber risk management.
- Ensure third-party vendors adhere to the organization's cybersecurity requirements.

3. Vendor Management:
- Oversee the evaluation, selection, and monitoring of third-party vendors.
- Conduct regular audits and assessments of vendor security practices.
- Manage contracts and service level agreements (SLAs) with third-party vendors.

4. Incident Response and Management:
- Develop and maintain an incident response plan specific to third-party breaches.
- Coordinate with third parties during cybersecurity incidents to ensure timely resolution.
- Conduct post-incident reviews and implement improvements based on lessons learned.

5. Training and Awareness:
- Provide training and awareness programs for internal stakeholders on third-party cyber risks.
- Ensure third-party vendors are educated on the organization's cybersecurity expectations.

6. Reporting and Documentation:
- Prepare regular reports on third-party cyber risk management activities for senior leadership.
- Maintain accurate and up-to-date documentation of all third-party risk assessments and mitigation efforts.

7. Collaboration and Stakeholder Management:
- Work closely with internal teams such as legal, procurement, and IT security.
- Build strong relationships with third-party vendors to ensure effective communication and collaboration.

8. Regulatory Compliance:
- Stay updated on relevant cybersecurity regulations and ensure third-party compliance.
- Work with legal and compliance teams to address regulatory requirements related to third-party cyber risk.

### Required Skillsets:

1. Technical Knowledge:
- Strong understanding of cybersecurity principles, frameworks, and standards (e.g., NIST, ISO 27001).
- Experience with risk assessment tools and methodologies.
- Knowledge of common cyber threats and vulnerabilities.

2. Analytical Skills:
- Ability to analyze complex data and identify trends and patterns.
- Strong problem-solving skills to address cyber risk issues.

3. Communication Skills:
- Excellent verbal and written communication skills to convey technical information to non-technical stakeholders.
- Ability to prepare clear and concise reports and presentations.

4. Leadership and Management:
- Proven experience in leading and managing a team.
- Ability to influence and drive change across the organization and with third-party vendors.

5. Vendor Management:
- Experience in managing vendor relationships and contracts.
- Strong negotiation skills to ensure favorable terms and conditions in vendor agreements.

6. Regulatory Knowledge:
- Familiarity with relevant cybersecurity and data protection regulations (e.g., OCC, FRB, GLBA, GDPR, CCPA).
- Ability to interpret and apply regulatory requirements to third-party risk management.

7. Project Management:
- Strong project management skills to oversee multiple risk management initiatives.
- Ability to prioritize tasks and manage time effectively.

8. Attention to Detail:
- High level of attention to detail to ensure thorough risk assessments and accurate documentation.

9. Certifications (Preferred):
- Certified Information Systems Security Professional (CISSP).
- Certified Information Security Manager (CISM).
- Certified in Risk and Information Systems Control (CRISC).

10. Experience:
- Significant experience in cybersecurity, risk management, or a related field.
- Experience in a senior management role, preferably in third-party risk management
Fri Jul 19 00:37:00 UTC 2024