Job Description
This is an opportunity to join Ascot Group - one of the world's preeminent specialty risk underwriting organizations.
Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we're bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourish in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way.
The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric.
Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service - both pre- and post-claims. Ascot exists to solve for our clients' brightest tomorrow, through agility, collaboration, resilience, and discipline.
Job Summary:
The Senior Analyst of Third-Party Risk Management in Ascot's Cybersecurity Governance Risk & Compliance (GRC) function is responsible for assessing the risk associated with the confidentiality, integrity and availability of data provided to our suppliers. This is a global role where your primary focus will be responsible for leading multiple assessments of our suppliers to ensure the risk associated with these partnerships is understood, managed and aligned with our risk appetite. Additional responsibilities will include supporting the Cybersecurity GRC function in other activities like risk exceptions, managing the risk register, updates to policies, standards.
Responsibilities:

• Support the management of third-party cybersecurity risk for the organization across the entire supplier lifecycle (preboarding, onboarding, ongoing due diligence and offboarding of suppliers).
• Perform inherent risk rating of suppliers based on the level of engagement and type of data exchanged.
• Assess supplier's cybersecurity controls and environment to understand the residual risk of the partnership.
• Identify control gaps associated with supplier's control environment, understand exposure, likelihood of impact and provide recommendations to stakeholders regarding the risk of partnering with the supplier.
• Monitor changes in supplier engagement and breach feeds to trigger reassessments.
• Liaise with Legal, Finance, business stakeholders and cybersecurity management as needed to successfully conclude supplier assessments.
• Communicate due diligence requirements and documentation requests to third parties, internal stakeholders and leadership.
• Work with Legal to draft standard contractual clauses based on the level of risk associated with supplier engagements.
• Build, and update standards, processes, procedures, templates and identify opportunities to streamline the third-party assessment process.
• Stay abreast of emerging security threats, industry best practices, and regulatory requirements related to third-party risk management.

Requirements:

• Bachelor's degree or equivalent years of experience
• Possess either a CRISC, CTPRP, CISM, CISA, CISSP certification or a minimum of 7 years of experience in cybersecurity with a majority focus in third-party risk management.
• Understanding cybersecurity frameworks, certifications, attestations and audits such as: NIST CSF, ISO 27001, SOC 1, SOC 2, ISAE 3402, PCI compliance, HIPAA.
• Understand regulatory requirements such as: CCPA, GDPR, NYDFS 500, Bermuda Monitory Authority, UK Financial Conduct Authority.
• Understanding of cloud service models, application security best practices, vulnerability and patch management.
• Self-starter with the ability to take initiative and capable of communicating to technical and non-technical audiences.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
• An ability to effectively collaborate across multiple teams and ensure program needs are satisfied through interpersonal and trusted communication.

Compensation
Actual base pay could vary and may be above or below the listed range based on factors including but not limited to experience, subject matter expertise, and skills. The base pay is just one component of Ascot's total compensation package for employees. Other rewards may include an annual cash bonus, long-term incentives, and other forms of discretionary compensation awarded by the Company.
The annualized base pay range for this role is: $95,000 - $105,000 (for US candidates).
Company Benefits
The Company provides a competitive benefits package that includes the following (eligibility requirements apply):

• Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Life Insurance, AD&D, Work/Life Resources (including Employee Assistance Program), and more
• Leave Benefits: Paid holidays, annual Paid Time Off (includes paid state /local paid leave where required), Short-term Disability, Long-term Disability, Other leaves (e.g., Bereavement, FMLA, Adoption, Maternity, Military, Primary & Non-Primary Caregiver)
• Retirement Benefits: Contributory Savings Plan (401k)