Security Risk Engineer
Long term contract
This position supports the Vendor Risk Management Team in the Information Security Department.
2-6 years of experience in information technology third party risk assessments and/or vendor risk assessments
- Participate in vendor risk management activities including but not limited to risk assessments, gap analysis, contract review and process improvements.
- Work across multiple portfolios, projects, and technology areas in assessing third party solutions.
- Track identified findings of non-compliance with client’s standards to remediation or to an acceptable level of risk.
- Support the design, testing, evaluation, implementation, and deployment of security systems/devices used to safeguard the organization’s information assets.
- Review contract language in vendor contracts.
- Responsible for analyzing the information security environment and assisting with the development of security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.
- Provide accurate and up-to-date security metrics to senior management.
WHAT EXPERIENCE DO YOU NEED?
- Experience in assessing risk associated with vendor engagements involving application development, application support, and/or infrastructure services.
- Foundational knowledge of common security control frameworks, e.g., ISO, NIST, CIS Controls.
- Basic understanding of cloud computing technologies.
- Demonstrate strong teamwork and interpersonal skills at all levels of the organization.
- Ability to influence with or without authority to achieve desired outcomes.
- Balance and successfully manage competing priorities.
- Keep abreast of industry trends through benchmarking, participation in professional associations, etc., in order to advise others of optimal sourcing opportunities.
- Establish computer and terminal physical security by developing standards, policies, and procedures; coordinate with facilities security; recommend improvements.
- Safeguard computer files by performing regular backups and developing procedures for source code management and disaster preparedness; recommend improvements.