Information Risk Consultant

Employer: MassMutual Romania
  • IT Software
  • Job type: full-time
  • Job level: over 5 years of experience
  • Cluj Napoca
  • Updated at: 16.09.2021
    Short company description

    To position MassMutual as a market leader for the next stage of growth, it is critical that we build top engineering capacity in a rapidly changing digital world. Romania has a significant pool of highly trained engineering professionals and so we are very excited to build operations in both Bucharest and Cluj.


    ▪ Ability to manage multiple tasks and perform work with a reasonable level of supervision
    ▪ Demonstrated analytical and diagnostic skills
    ▪ Knowledgeable in reviewing third-party security controls and relating them to data classification standards
    ▪ Versed in reviewing third-party audit reports, such as SOC 2, and penetration tests
    ▪ Working with and executing in the RSA Archer eGRC platform, including mastery-level use of Excel export/import functions
    ▪ Technical acumen in IT hygiene and vulnerability management
    ▪ Excellent communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise business terms
    ▪ Experience with third-party risk management evaluations, breach management strategies, a working knowledge of controls, and information security contract requirements
    ▪ Bachelor’s degree in Computer Science, Business Administration, or 5-7 years of equivalent experience in information security governance concepts


    ▪ Complete third-party assessments, including review of third-party controls and audit reports, such as SOC 2 and penetration tests
    ▪ Third-party breach notification assessment and management
    ▪ Log assessment review issues in the eGRC tool and track through to remediation
    ▪ Communicate program processes to stakeholders
    ▪ Train stakeholders (including Supplier Relationship Managers) on program processes
    ▪ Review proposed updates to Information Security Requirements (ISRs) to determine appropriate risk coverage
    ▪ In partnership with Procurement, address/resolve information security requirements for contracts