Evaluate vendor security documentation, including SOC reports, ISO certifications, HITRUST certifications, penetration test summaries, security questionnaires, policies, data flow diagrams, and remediation evidence.
Assess vendor controls related to access management, encryption, vulnerability management, incident response, business continuity, disaster recovery, cloud/SaaS security, secure software development, and data protection.
Provides first level engineering design functions and trouble resolution.
Communicate directly with vendors to clarify questionnaire responses, request supporting evidence, validate remediation status, and coordinate risk mitigation activities.
Support internal and external audit and compliance activities, including HIPAA, HITRUST, NIST, PCI DSS, SOC 2, and other healthcare or cybersecurity-related assessments.
Provides trouble resolution and serves as point of technical escalation on complex problems.
Leads or plans implementations for access management and network security technologies.
Develops testing plans to ensure quality of implementation.
Leads the investigation and reporting of data security events and incidents.
Provides system and network architecture support for information and network security technologies.
Provides technical support to business and technology associates in risk assessments and implementation of appropriate information security procedures, standards and technologies.
Maintains security incident response plans.
Represents major upgrades and business system replacements in change control.
Oversees Enterprise mix of vendor services.
Recommends changes and updates to strategy.
May act as a key contact for setting vendor strategy.
Designs & engineers repetitive technical solutions based on business requirements and defined technology standards.
Mentor junior analysts by providing guidance on assessment quality, evidence review, control interpretation, risk documentation, and stakeholder communication.
Contribute to continuous improvement of third-party cybersecurity risk management standards, procedures, workflows, assessment templates, risk scoring methodology, dashboards, and reporting.
Requirements
Requires BS/BA degree in Information Technology or related field of study and a minimum of 5 years of experience in systems support, system administration, system engineering, system security, access management, network security, network communications, computer networking, telecommunications, systems development and management, hardware, software, and/or data; or any combination of education and experience which would provide an equivalent background.
Requires experience in planning and designing highly complex systems.
Experience with multiple technical and business disciplines strongly preferred.
Security Certifications: CISSP or other technical security certifications (e.g. Systems Security Certified Practitioner, Certification and Accreditation Professional) strongly preferred.
Bachelor’s degree in cybersecurity, information systems, computer science, risk management, business, or a related field; or equivalent combination of education, training, and work experience.
5+ years of experience in cybersecurity, third-party risk management, IT risk, GRC, IT audit, regulatory compliance, vendor risk management, or a related field.
Experience with common cybersecurity frameworks, standards, and assurance reports, such as NIST CSF, NIST SP 800-53, NIST SP 800-161, ISO 27001/27002, SOC 2, CIS Controls, Shared Assessments SIG, CSA CAIQ, or CSA CCM.
Experience with ServiceNow GRC/IRM, Vendor Security Risk Management, or similar third-party risk management workflows.
Experience performing third-party cybersecurity assessments in healthcare, insurance, financial services, or another regulated industry.
Familiarity with HIPAA, HITRUST, NIST, PCI DSS, SOC 2, ISO 27001, cloud security, and privacy/data protection control expectations.
Experience with security rating or vendor monitoring tools such as BitSight, SecurityScorecard, RiskRecon, UpGuard, Black Kite, OneTrust, Archer, ProcessUnity, or similar platforms.
Relevant certification such as CISA, CRISC, CISSP, CISM, Security+, CCSK, CCSP, ISO 27001 Lead Auditor/Implementer, AWS Certified Cloud Practitioner, or PCI DSS-related experience.