We are seeking a highly skilled and experienced Third Party Cyber Risk Assessor to join our team, responsible for conducting third-party cyber risk assessments for a global client portfolio. This individual will be critical in evaluating the security posture of third-party vendors, suppliers, and partners to ensure compliance with industry standards, regulations, and internal security policies as well as contracts. The ideal candidate will have a sound understanding of cyber risk management, vendor risk assessments, and an ability to communicate complex risk issues effectively to both technical and non-technical stakeholders.

• Conduct detailed cybersecurity risk assessments (audits) for third-party vendors, including reviewing their information security practices, policies, and controls.
• Assess third-party vendor security risks across multiple domains, including data protection, network security, identity & access management, and incident response.
• Identify, evaluate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
• Perform thorough due diligence on third-party suppliers and partners, identifying potential vulnerabilities and risks that could impact the organization.
• Recommend solutions and alternatives to remediate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
• Independently lead assessment meetings with clients and third parties to evaluate the implementation of cyber controls.
• Collaborate closely with global line management and regional colleagues on delivery, client management and internal and client communications.
• Master client’s proprietary security and contractual standards.
• Apply recognized cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls) in risk assessments and audits.
• Document findings, assessment processes, and recommended actions in a clear, concise, and actionable manner.

REQUIREMENTS

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).
• 3-5+ years of experience in cybersecurity, risk management, or IT auditing, with at least 3 years focused on third-party risk assessments or vendor risk management.
• Experience supporting Healthcare clients is required.
• Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, IS27001 and 27002, SOC2, Center for Internet Security (CIS) best practices, PCI-DSS, CSA Cloud Controls Matrix, GDPR, HIPAA, HITRUST, etc.
• Hands-on experience with tools and platforms used for third-party risk assessments, vulnerability scanning, and audit processes
• Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.
• Evidence of supporting clients overcome cybersecurity challenges in a broad array of sectors which may include, but is not limited to: Technology, Financial Services, and Retail.
• A deep understanding of governance, standards, and compliance as they pertain to cyber security.
• Ability to analyze complex security data and translate findings into industry specific recommendations.

PREFERRED QUALIFICATIONS:

• Certifications: CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor or other relevant security or risk management certifications.
• Experience working in a global organization and understanding of the challenges involved in managing risks across multiple jurisdictions.
• Project management skills to manage multiple assessments, stakeholders, and deadlines effectively.

• Conduct detailed cybersecurity risk assessments (audits) for third-party vendors, including reviewing their information security practices, policies, and controls.
• Assess third-party vendor security risks across multiple domains, including data protection, network security, identity & access management, and incident response.
• Identify, evaluate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
• Perform thorough due diligence on third-party suppliers and partners, identifying potential vulnerabilities and risks that could impact the organization.
• Recommend solutions and alternatives to remediate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
• Independently lead assessment meetings with clients and third parties to evaluate the implementation of cyber controls.
• Collaborate closely with global line management and regional colleagues on delivery, client management and internal and client communications.
• Master client’s proprietary security and contractual standards.
• Apply recognized cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls) in risk assessments and audits.
• Document findings, assessment processes, and recommended actions in a clear, concise, and actionable manner