Third Party Information Security Analyst
New York or Chicago:
Our client is one of the most competitive, tech-driven hedge funds worldwide. They’re seeking a highly skilled individual who will conduct third party information security assurance and compliance reviews across the firm in order to determine their Information Security posture based upon required contractual agreements and, where applicable, governing regulations or laws.
You will work with the business, the Information Security, Infrastructure and other technology teams to evaluate emerging technologies and cyber threats to support maintenance and development of new information security requirements for third parties and supply chain partners and ensure the firm’s information assets are continuously protected following our Information Security standards and compliance obligations.
- Develop, coordinate, plan and partner with third party security services provider to execute security assessments of the third parties focusing on compliance with regulations, company policies, and internal controls.
- Document internal assessment templates, follow up on outstanding deliverables, and score the assessment with an overall risk rating.
- Review internal and external security and technical test reports (audit, vulnerability and penetration test results, business resiliency plans, etc.) to validate the effectiveness of operational controls.
- Facilitate and manage risk assessments and/or security initiatives from communication, approval and report distribution to key stakeholders, business units and management.
- Compose assessment report containing findings and recommendations and present to management. Ensure that potential issues are raised promptly to senior management with a view to identifying options to mitigate risk.
- Develop risk mitigation plan and strategy to be communicated to third party and ensure timely and satisfactory remediation.
- Identify enhancements and process efficiencies to keep assessment program in line with best practices.
Technical Experience and Skills:
- The successful candidate will have broad experience in IT Auditing fundamentals, Information Security Controls and maturity models including any experience using Shared Assessments Program Tools and/or questionnaire-based vendor auditing tools, GRC tools and technologies for audit support and vendor governance. You will also have experience with, or knowledge of how to manage, a third-party security services provider within this process.
- Additionally, you will have hands-on experience executing threat models, performing business impact and risk analysis, and a thorough understanding of compensating controls. This position will require the candidate to help develop methodologies, perform risk assessments, and provide executive status reports on assurance program activities, vendor controls deficiencies, and corrective actions.
- Will have 5+ years of security experience, preferably 50% of that time supporting third-party security services.
- A degree in IT Management, Information Systems, Risk Management, Auditing, Computer Science, or related field or the equivalent in education and work experience. Any of the following certifications would be preferred:
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Security Controls (CRISC)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified in the Governance of Information Technology (CGEIT)