What are the responsibilities and job description for the Analyst, Cybersecurity position at The Estee Lauder Companies?
Description
Member of the Enterprise Cybersecurity and Risk team with responsibility for execution of the TPRM (third-party risk management) program. Perform cyber risk-based assessments which document key risk areas for third-party vendors. Work with both internal Cybersecurity and Vendor points of contact to develop remediation plans and track resolution status.
Job Responsibilities
Partner with program leads to identify vendor due diligence requirements and ensure the vendor inventory and status are kept up to date
Able to review vendor due diligence materials (e.g., SOC1 / SOC2, vulnerability scan, ISO 27001, etc.) and identify potential risks
Familiarity with the difference between SaaS and COTS-based applications and the unique risks of each
Awareness of emerging cyber threats including zero-day vulnerabilities and supply chain related risks
Able to understand details of vendor's cyber security program and identify where gaps exist with internal company policy requirements
Ability to perform root cause analyses on issues identified and clearly articulate them to a less technical user
Identify potential vendor-related issues and follow up with internal stakeholders and the external vendor to develop a remediation plan for unresolved issues
Able to triage use cases and prioritize risk based on scope and impact
Produce risk assessment reports and work with vendors to implement remediation responses
Work with brands, procurement, supply chain, R&D and others to document specific use cases and third-party engagements
Work with program lead and legal / privacy team to identify required contract security provisions to remediate risks identified in vendor assessment
Experience with industry-recognized Cyber, Privacy, Governance, Risk and Compliance (GRC) applications
Experience with Shared Assessments ( ) methodology including use of their Standardized Information Gathering (SIG) questionnaire
Professional verbal and written communications
Able to develop effective relationships with all levels of internal and external stakeholders
Qualifications
CTPRP / CISSP / CISM / CRISC certification or equivalent desired
Experience in Information Technology and Cyber Security highly desired
Internal Audit-related experience a plus
Bachelor's Degree (preferably in Information Technology or Cyber Security) or equivalent work experience
Skills: IT Audit, Risk Assessment, Cybersecurity, SOX compliance, GxP Compliance, SOC1, SOC2, ISO 27001 certification