Technology Risk Contractor in San Francisco, CA at Vaco

Date Posted: 10/24/2018

Job Description

Technology Risk Contractor

The Role

We are seeking an experienced technology risk professional who will be primarily responsible for assessing the information security posture of vendors and other third parties. The position will work within the Third Party Risk team and will identify key technology risks and information security gaps while performing due diligence on third party relationships.

You will be responsible for various phases of technology and information security risk management including, but not limited to, assessing control effectiveness, conducting risk assessments, communicating results, and providing guidance on remediation. This role requires a mix of broad business and technical acumen, the ability to inspire and influence decisions, and a polished ability to communicate with key internal partners.

You are skilled in risk management, information security, and IT and have an inquisitive personality that is constantly looking for a better way to do things.

Responsibilities:
* Conduct qualitative and quantitative information security risk assessments on third party vendors, recommend mitigation strategies, and work with internal partners to assign monitoring responsibility.
* Author and update applicable sections of risk advisory documents that are communicated to various stakeholders, including senior management and executive levels.
* Interpret risk requirements and translate them into actionable recommendations for risk mitigation.
* Build and cultivate positive working relationships with internal customers with the intention to exceed customer expectations.

Qualifications:
* Minimum of 5 years of information technology, information security and/or risk management and advisory experience with strong preference given to individuals who have completed vendor information security risk reviews.
* Understanding of processes for information security risk evaluation and assessing third parties across diverse industries and against a broad range of security requirements.
* Bachelor's Degree in a relevant field (Information Technology / Security / Assurance, Business, Economics).
* Professional certifications such as CISSP, CISM, CISA, CRISC or CIPP.
* Familiar with a broad range of technical concepts: logical access control, encryption methods, vulnerability management, security architecture, information security, network security, and privacy.
* Ability to communicate in a clear and concise manner with all levels of an organization and convey complicated technology and security concepts to both technical and non-technical people.
* Excellent project management and organizational skills with the ability to meet deadlines and quickly establish clear priorities.
* Ability to grasp complex issues quickly, with strong critical-thinking, analytical, and problem-solving skills and a high attention to detail and accuracy.
* Independent self-starter who can execute in a fast-paced, high-demand environment while balancing multiple priorities.

Preferred Skills:
* Financial Services and Technology experience.
* Experienced at conducting information security risk assessments using common methodologies (e.g. NIST, OCTAVE, FAIR).
* Well-versed in various information security and risk frameworks/standards (e.g. ISO 31000, ISO 2700x, NIST 800 series).