GRC - Third Party Risk Manager

Paul Hastings is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. With a strong presence throughout Asia, Europe, Latin America, and the U.S., we have the global reach and extensive capabilities to provide personalized service wherever our clients' needs take us. As one of the world's leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.

We have an opening for a GRC - Third Party Risk Manager.

The GRC-Third Party Risk Manager will join the InfoSec team to execute the Firm's Third Party Risk Management (TPRM) function, as well as support the broader GRC team. This includes facilitating activities to identify and address risks related to new and existing vendor relationships, including initial due diligence and ongoing risk assessments and monitoring throughout the vendor relationship. The manager will be responsible for coordinating the review of cybersecurity controls of third party vendors and vendor hardware, software, and services in alignment with the organization's current IT risk management standards.

In this capacity, the GRC - Third Party Risk Manager will:

• Conduct third party risk assessments for initial due diligence and ongoing evaluation of third party vendor services to identify potential privacy and security related risks;
• Manage distribution and perform review of required vendor cyber risk documents, such as third party risk assessment questionnaires (e.g., SIG), audited reports of controls (i.e., SSAE18, SOC Type II, etc.), vendor security policies and other information to support the identification and evaluation of potential outsourcing risks;
• Use a strong knowledge of industry standards (such as NIST CSF, ISO27001/27002) and the regulatory landscape (such as GDPR) to provide a comprehensive assessment of the vendor's security risk;
• Work with third parties and internal stakeholders to identify and remediate risks and track and report identified issues and risk remediation efforts;
• Coordinate with InfoSec (e.g., Security Engineering, Risk Management) and other Firm stakeholders to evaluate the vendor's security controls and identify associated risks;
• Report vendor related security risk recommendations and guidance and obtain risk acceptance prior to entering into contractual relationships with vendors;
• Negotiate and support the Procurement team in negotiating the Firm's Information Protection Addendum (IPA) and obtain appropriate input from Privacy, InfoSec and the OGC;
• Work with Contract Administration/Procurement to support contractual reviews for new and existing vendors;
• Measure and monitor progress of TPRM activities, including evolving the program in accordance with industry practices;
• Stay informed about the latest developments in the vendor risk management field; and
• Support various ad hoc projects supporting program enhancements, process improvements, and other GRC functions.

• Expert knowledge in Third Party Risk Management;
• Strong knowledge of privacy and information security frameworks (e.g., NIST, ISO, etc.) and relevant regulatory requirements (e.g., GDPR, CCPA, etc.);
• Strong knowledge of security trends and potential risk exposure;
• Strong written and verbal communication skills; and
• Experience negotiating supplier resiliency requirements.

• Bachelor's degree (required); and
• 7 years of experience in third party risk management or related experience.

Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.

The salary wage range that we expect to pay for this position is a minimum of $122,700 and a maximum of $160,000 annually. The actual pay wage may vary based on experience or other relevant factors.

Eligible employees can participate in the Firm's comprehensive benefits program, which include the following:

• Medical, Dental, Vision, Life/AD&D, Long Term Care, and Short- and Long-Term Disability
• Flexible Spending Account and Health Savings Account
• Healthcare Concierge and Advocacy
• Lifestyle Spending Account
• Voluntary 401(k) Plan and Profit Sharing
• 10 Paid Holidays per year and a generous PTO Program
• Family Support including Paid Parental Leave, Fertility Benefits, Breast Milk Shipping, Back-up Child Care, Elder Care, and Tutoring
• Wellbeing programs (Employee Assistance Program, Relationship Support, Mental Health and Well-Being Events)
• Retirement Plan Consulting
• Anniversary Bonus Program
• Professional Development Programs
• Transportation and Commuter Benefits
• International Travel Insurance
• Auto/Home/Pet Insurance
• Prepaid Legal Insurance
• Employee Discounts
• And More!

The Firm has a range of diversity initiatives including our Paul Hastings Affinity Networks (PHANs), Women's Initiative, and PH Balanced. These initiatives provide a firmwide forum to share experiences, as well as an opportunity to participate in a supportive network with common interests to help make life at the firm more inclusive. Learn more about our Global Diversity, Inclusion and Wellness Initiatives here.

Paul Hastings LLP is an equal employment and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity. Pursuant to local ordinances, we will consider qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Chance Initiative for Hiring Ordinance.