Project Manager Business Analyst Risk Assessment

*** Candidate Must Haves on a resume and for submittal:

1. How many years working with: Third Pary security assessment

2. How many years working with: NIST

3. How many years working with: Develop and implement risk mitigation strategies to address identified vulnerabilities

4. How many years working with:

5. How many years working with:

*** Please provide all the below Submittal Format details with each submittal. It is required for the client Management system.

• Full Name:
• Rate:
• Location:
• Availability to Interview: One Days notice
• Availability to Start:
• Email Address:
• Phone Number:
• Visa Status:
• Education College/Year of graduation:
• Link to LinkedIn
• Certifications (Please list)

Job Description:

Please send candidates who meet or exceed the Below experience:

Experience Risk Assessment and Mitigation:

Conduct comprehensive thirdparty risk assessments to identify potential cyber threats.

Develop and implement risk mitigation strategies to address identified vulnerabilities.

Monitor thirdparty compliance with cybersecurity policies and standards.

2. Policy Development and Implementation:

Establish and enforce policies and procedures for thirdparty cyber risk management.

Ensure thirdparty vendors adhere to the organizations cybersecurity requirements.

3. Vendor Management:

Oversee the evaluation selection and monitoring of thirdparty vendors.

Conduct regular audits and assessments of vendor security practices.

Manage contracts and service level agreements (SLAs) with thirdparty vendors.

4. Incident Response and Management:

Develop and maintain an incident response plan specific to thirdparty breaches.

Coordinate with third parties during cybersecurity incidents to ensure timely resolution.

Conduct postincident reviews and implement improvements based on lessons learned.

5. Training and Awareness:

Provide training and awareness programs for internal stakeholders on thirdparty cyber risks.

Ensure thirdparty vendors are educated on the organizations cybersecurity expectations.

6. Reporting and Documentation: Prepare regular reports on thirdparty cyber risk management activities for senior leadership. Maintain accurate and uptodate documentation of all thirdparty risk assessments and mitigation efforts.

7. Collaboration and Stakeholder Management: Work closely with internal teams such as legal procurement and IT security. Build strong relationships with thirdparty vendors to ensure effective communication and collaboration.

8. Regulatory Compliance: Stay updated on relevant cybersecurity regulations and ensure thirdparty compliance. Work with legal and compliance teams to address regulatory requirements related to thirdparty cyber risk.

### Required Skillsets:

1. 1. Technical Knowledge: Strong understanding of cybersecurity principles frameworks and standards (e.g. NIST ISO 27001). Experience with risk assessment tools and methodologies. Knowledge of common cyber threats and vulnerabilities.
   2. Analytical Skills: Ability to analyze complex data and identify trends and patterns. Strong problemsolving skills to address cyber risk issues.
   3. Communication Skills: Excellent verbal and written communication skills to convey technical information to nontechnical stakeholders. Ability to prepare clear and concise reports and presentations.
   4. Leadership and Management: Proven experience in leading and managing a team. Ability to influence and drive change across the organization and with thirdparty vendors.
   5. Vendor Management: Experience in managing vendor relationships and contracts. Strong negotiation skills to ensure favorable terms and conditions in vendor agreements.
   6. Regulatory Knowledge: Familiarity with relevant cybersecurity and data protection regulations (e.g. OCC FRB GLBA GDPR CCPA). Ability to interpret and apply regulatory requirements to thirdparty risk management.
   7. Project Management: Strong project management skills to oversee multiple risk management initiatives. Ability to prioritize tasks and manage time effectively.
   8. Attention to Detail: High level of attention to detail to ensure thorough risk assessments and accurate documentation.
   9. Certifications (Preferred): Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM). Certified in Risk and Information Systems Control (CRISC).
   10. Experience: Significant experience in cybersecurity risk management or a related field. Experience in a senior management role preferably in thirdparty risk management