Third Party Risk Consultant

We are the leading technology recruitment and selection consultancy in Romania, working on highly specialized technologies for permanent and interim positions. Since our inception in 2001 as the first specialized IT recruitment agency in Romania we supported over 400 national and global clients in acquiring strategic IT talent for their business.

We are deeply passionate about technology and highly responsible about our work. We understand the pressure of the business and the fact that you need fast and quality results. Therefore we always go for the extra mile to deliver the best IT&C talent for your business, no matter how challenging the project may seem.

The Third-Party Consultant is responsible for ensuring company's data remains secure and all third-party risks, vulnerabilities and defects are managed, tracked and remediated according to policy and/or best practices. The individual selected for this role must have technical acumen and experience with applying controls in a risk-driven environment, will execute the Third Party Plus Program, and serve as a contact to enterprise stakeholders managing third parties in the program.

The incumbent for this role must:

Possess knowledge of risk categories (i.e. cloud, Saas) to assess viability of controls within each grouping;
Understand information risk modeling practices to drive decision making and allocation of scarce resources in a risk driven environment;
Ensure artifacts received from third parties reflect sound information risk mitigation management practices;
Identify third party information risks and proactively work with the third party relationship manager to mitigate;
Use centralized GRC tool (RSA Archer) to input documentation evidence, details, risk issues as identified during the risk monitoring review process, and identify supporting mitigations;
Use data science to continuously monitor, build, and assist with third party assessment metrics and reporting;
Configure and use platforms (data lakes, data analytics) to determine the relationship of third parties, fourth parties and fifth parties to MassMutual
Conduct software security maturity assessments using the vBSIMM tool and methods;
Act on and triage real-time third party threat alerts.

Requirements:

2-5 years technology background with experience in third party information risk management and cyber/information security;
Software security lifecycle and vulnerability management experience including familiarity with threat modeling, static code analysis, dynamic scanning and penetration testing;
Experience with industry standard information technology control policies and standards frameworks including NIST;
Experience with continuous monitoring tools to action priority alerts based on security vulnerabilities;
Ability to review security intelligence from multiple sources and determine what is actionable for third party subdomains and specific third party companies;


Preferred Qualifications:

3+ years technology background with experience in third party information risk management, information risk, cyber/information security, data science;
Ability to express complex and technical issues in clear and concise business terms;
Ability to use Excel to assess data and produce meaningful reports;
CISSP or CTPRP qualified or relevant experience Experience with Archer GRC platform;
Demonstrate a strong ability to identify, analyze, and solve problems;
Excellent advocacy, oral and written communication skills, and attention to detail;
Experience with BSIMM- software security maturity model for enterprises;
Experience with third party vulnerability scanning tools.