Senior Third-Party Cyber Risk Management Analyst

The Third Party Cyber Risk Management team is currently recruiting a senior third-party cyber risk analyst who will be responsible for developing and operationalizing a segment of the Cyber Security program at CircleK. This position will evaluate overall risks associated with new engagements with third-party service providers, including areas such as Information Security, BCP/DR, Financial, Legal and Compliance, Technology, and Operations.

This position will also manage efforts to support ongoing risk assessments and monitoring for existing critical vendors, advise management on new control changes and resulting internal control impact, and remain updated on regulatory requirements.

This role will be responsible for third-party relationships' security, risk, and compliance oversight. This includes conducting assessment activities and risk reporting to key stakeholders for third parties. This role will also provide leadership and guidance to various organizational levels in delivering and effectively supporting procurement, legal, and regulatory compliance programs, processes, and procedures.

• Participate in calls regarding third-party risk remediation and provide oversight on the closure of third-party risks.
• Oversight of third-party risk assessment process conducted to identify risks presented by third parties.
• Prepare, review, and publish risk reports for delivery to third parties, internal stakeholders, and senior management.
• Responsible for working with the internal business relationship owners to understand and review third-party risks and to ensure all stakeholders understand risks.
• Review third-party compliance deliverables, such as Statement on Standards for Attestation Engagements No. 16 (SSAE16) audit reports, Payment Card Industry Data Security Standard (PCI DSS) Attestations of Compliance (AOC), and other regulatory information.
• Reviewing third-party security controls, practices, and infrastructure.

Position Requirements

• Consulting experience preferred
• Working knowledge of information security concepts and controls
• Experience working in Third-Party Risk Management (TPRM) preferred
• Strong analytic skills and attention to detail
• Ability to consult with customers in a service advisory capacity
• Understanding of regulatory requirements pertaining to information security, privacy, and/or data security
• Bachelor's Degree
• Self-driven; able to manage schedules, meet deadlines, coordinate with others, perform tasks, and work independently with minimal supervision
• Strong interpersonal and communication skills with the ability to ask questions, actively listen, escalate roadblocks, and interact effectively at multiple levels
• Organized and effective with time and meeting management
• Strong project management skills, with the ability to work with multiple customers, deadlines, and priorities

Circle K is an Equal Opportunity Employer.

The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws. Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company. Please inform the Company’s Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.

Click below to review information about our company's use of the federal E-Verify program to check work eligibility:

In English

In Spanish

R356620