COMPANY OVERVIEW

Secure Halo is a Service Disabled Veteran-Owned Small Business (SDVOSB) specializing in cybersecurity and risk management consulting. We are dedicated to protecting the intellectual assets and sensitive information of our clients through innovative methodologies and tailored solutions.

SUMMARY

We are seeking a Risk Management Analyst to join our dynamic team in providing critical insights into enterprise risk and cybersecurity. This role is based in the United States and plays a vital part in enhancing our clients’ security posture by analyzing risks and recommending effective strategies.

QUALIFICATIONS:

• U.S. Citizenship and residency within the continental United States are required. No offshore work is permitted.
• Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or related field.
• Minimum of 3–5 years of direct experience conducting third-party risk or vendor risk assessments.
• Experience using risk frameworks such as NIST SP 800-53, ISO/IEC 27001, SOC 2, and Shared Assessments SIG.
• Excellent analytical, verbal, and written communication skills.
• Strong organizational and time management abilities—capable of handling multiple assessments concurrently.

PREFERRED QUALIFICATIONS:

• Experience supporting TPRM programs in regulated industries (e.g., banking, insurance, healthcare).
• Familiarity with third-party due diligence platforms and workflow management systems.
• Prior experience working with or for large financial institutions or credit unions.

• Perform comprehensive assessments of third-party information security controls using standardized questionnaires and frameworks (e.g., SIG, NIST, ISO 27001, SOC 2).
• Validate and analyze questionnaire responses and evidence provided by third parties.
• Lead initial and follow-up assessment calls, including onsite or remote evaluations.
• Prepare detailed assessment reports, executive summaries, and supporting documentation in alignment with established quality control procedures.
• Escalate delays or uncooperative third parties to internal stakeholders in accordance with escalation protocols.
• Track and ensure adherence to assessment timelines and deliverables per established SLAs.
• Review third-party remediation efforts and residual risk ratings where appropriate.
• Attend planning, kick-off, and issuance meetings with internal stakeholders and third parties.
• Maintain accurate and up-to-date documentation in the client’s system of record.