CP-BUF
About the Company
Our client is a long-standing, locally operated organization with suburban headquarters in the Buffalo area. They are a highly profitable, employee-centric organization in the midst of exciting changes to modernize technology and process in their IT group. They provide cross-training opportunities and leadership programs to help you advance in your career. They offer top-notch benefits, including generous PTO and a hybrid work arrangement.
About the Job
This is a newly created role to take ownership of our client’s Third-Party Risk Management program.
We are seeking a skilled Third-Party Risk Management Analyst to take ownership of our client’s vendor risk management program, ensuring the security and reliability of their third-party relationships. This critical role involves assessing and mitigating risks associated with vendor partnerships, ensuring that security principles are rigorously applied and that the organization remains protected from emerging threats.
Key Responsibilities:
- Program Ownership: Lead and manage the third-party vendor risk program, ensuring its effectiveness in identifying and addressing risks.
- Vendor Risk Analysis: Perform thorough risk assessments of potential vendors, ensuring risks are identified, mitigated, and in line with organizational standards.
- Risk-Based Approach: Leverage a systematic, risk-based approach to ensure that appropriate security controls are applied, and gaps are identified and remediated. Clearly communicate any residual risks to business units and senior management.
- Continuous Monitoring: Oversee the ongoing monitoring of the cybersecurity health of active vendors, addressing emerging risks and concerns in a timely manner.
- Collaboration & Coordination: Partner with business support analysts and business stakeholders to coordinate vendor management processes and maintain alignment with business objectives.
- Policy & Procedure Development: Document and update policies, procedures, and best practices relating to third-party risk management, ensuring alignment with industry standards and security frameworks.
- Executive Reporting: Prepare and deliver insightful management-level presentations to communicate trends, risks, and security threats related to vendor relationships.
- Metrics Development: Contribute to the development and reporting of key InfoSec metrics that measure the effectiveness of risk management efforts.
- Security Best Practices: Ensure adherence to information security best practices that protect the confidentiality, integrity, and availability of corporate and customer data, aligning with the company’s overall risk appetite.
Qualifications:
- BS degree and 3+ years of experience, or specialized training/certifications in lieu of a degree.
- Strong understanding of third-party risk management practices and information security principles.
- Experience in risk analysis, vendor relationship management, and security control frameworks (NIST, etc.).
- Ability to communicate complex security risks to business units and senior management.
- Proven experience in policy development and executive reporting.
Benefits & Perks
- Annual Bonus Program
- Low-cost medical, dental and prescription drug coverage
- Flexible work schedule – Hybrid
- Very generous Paid Time Off
- Paid Training & Certification / Tuition Reimbursement
- 401(k) with match
- Additional company-funded retirement savings account (even if you don’t contribute to the 401(k))
- Free parking, onsite gym and cafeteria
Brooke DeLucia
Manager - Recruiting & Sourcing
Reference: JOB-13374