IT Third Party Risk and Compliance Analyst
Company | Greenberg Traurig |
Address | , Atlanta, 30305 |
Employment type | FULL_TIME |
Salary | |
Expires | 2023-09-13 |
Posted at | 8 months ago |
Greenberg Traurig (GT), a global law firm, has an exciting full-time employment opportunity for an IT Third Party and Compliance Analyst in the Technology Department of various office locations. We offer competitive compensation and an excellent benefits package.
Position Summary:
The IT Third Party Risk and Compliance Analyst will lead the design, development, and management of the firm’s IT third party risk management program. The position will consist of gathering, analyzing, and interpreting security control evidence from third parties. The candidate should be available outside normal working hours to participate in emergency events such as security incidents, breaches, investigations, etc.
Duties & Responsibilities:
- Executes and documents assessment activities following established processes and procedures
- Improves existing SIG questionnaire review/response process
- Works with the security team to develop, manage and maintain the Firm’s Information Security Program, security awareness programs, insider threat programs, etc.
- Identifies Information Security & Business Continuity risks to senior management & makes recommendations for corrective actions/mitigation of risks
- Develops, implements, assigns, and monitors third party vendor assessments
- Collaborates with team members to provide subject matter expertise with respect to the Firm’s third-party risk management program and creates and updates documents and presentations that can be used to inform internal employees, external auditors or internal auditors about the program
- Assists IT Compliance team with completing vendor risk assessments submitted to GT by clients and prospective clients; responds to client Requests for Proposals (RFPs) and questionnaires related to security
- Using the SIG questionnaire, performs due diligence on third party vendors to determine the effectiveness of their controls to protect the firm’s data, identifies any discrepancies and provides recommendations to management
- Actively participates in outside Third-Party Risk Management communities
- Performs other related duties as required / assigned
- Keeps abreast of regulatory and compliance related information to enhance the third-party due diligence program
- Monitors third party vendor security posture using third party services (e.g., SecurityScorecard, BitSight, RiskRecon, etc.)
- Develops, implements, and monitors KPIs and KRIs for the third party risk management program
- Tracks vendor mitigation progress of identified threats and risks
- Contributes to the continuous improvement, including automation where possible, of all aspects of the third-party risk management program based on expert knowledge, industry best practices, business objectives and risk tolerance, keeping the program relevant and in alignment with the business objectives
- Assesses BCP/DR compliance status of third-party vendors and communicates their status/impact to the firm’s BCP/DR team
- Leads third party risk/threat notification to third party vendors by assessing vendor risk, impact and response to risks/threats (e.g., assessing Log4Shell vendor impact and response communications)
- Develops and updates third party risk management program policies, procedures, and best practices
Skills & Competencies:
- Strong interpersonal skills, capable of interacting at all levels of the organization from analyst level to C-suite
- As a specialist on complex technical and business matters, work is highly independent
- Understanding of information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices
- Demonstrate strong customer service skills to ensure a smooth data collection experience for both our customers and our internal business unit partners
- Demonstrate strong customer service skills to ensure a smooth evidence collection experience for both clients and vendors
- Familiar with best-practice contractual clauses that may be enforced to achieve third-party vendor compliance (right to audit, minimum security requirements, SLAs, 3rd party assessments, etc.)
- Work well under pressure with tight deadlines to deliver superior service to our clients and stakeholders
- Ability to write reports, briefs or create presentations resulting from third party vendor assessments
- Explain and articulate technical concepts to non-technical stakeholders, and follow basic troubleshooting steps to work through issues
- Ability to perform and document a gap analysis as part of third-party vendor assessments
- Ability to multitask and complete assignments within deadlines that may have short lead times
- Demonstrate basic project management and documentation skills to manage multiple parallel work streams
Qualifications & Prior Experience:
- Bachelor’s degree in Information Technology, Information Systems, Information Security, Business Administration, or Risk Management or equivalent experience
- Working knowledge of security standards, frameworks and best practices (ISO 27001/27701, NIST 800-53, CSA, OWASP, CIS, HITECH)
- Experience working with compliance issues dealing with sensitive data preferred
- Proficiency with Windows-based software and Microsoft Office suite
- 1-3 years of experience in responding to vendor IT risk assessments
- Industry certifications preferred (e.g. CTPRP, CISSP, CISM, CRISC, CIPP, CISA) or willingness to obtain
- Working knowledge of cloud technologies (AWS, Azure, Alibaba, GCP, IBM Cloud) and software delivery models (SaaS, PaaS, IaaS)
- Proficient knowledge of third-party related regulatory policies
- 1-3 years of experience in implementing and/or supporting IT risk management processes
- Proficiency with Governance, Risk, Compliance tools (e.g., VSAQ, CIS, VRMMM, SCA, SIG, risk exchanges)
In support of our unwavering dedication to putting diversity, equity, and inclusion into action, GT participates in the Mansfield Rule Certification Program. This Program, which is administered by The Diversity Lab, aims to increase diverse representation in the legal industry. In July 2020, we achieved Mansfield Rule 3.0 Certification. A year later, in 2021, we achieved Mansfield 4.0 Certification Plus, meaning we went beyond the requirements of the original Mansfield program. Most recently, in 2022, GT gained Mansfield Rule 5.0 Certification Plus – again achieving the highest level of certification a law firm can obtain. GT is currently participating in the Mansfield Rule 6.0 Certification Program. Providing your data during the application process helps us with achieving our goals and with meeting reporting/record-keeping obligations under federal and state law and other legal requirements. Providing your data is entirely voluntary and will not be considered in the hiring process or thereafter. Any information that you do provide will be treated confidentially.