Information Risk Consultant

To position MassMutual as a market leader for the next stage of growth, it is critical that we build top engineering capacity in a rapidly changing digital world. Romania has a significant pool of highly trained engineering professionals and so we are very excited to build operations in both Bucharest and Cluj.

▪ Ability to manage multiple tasks and perform work with a reasonable level of supervision
▪ Demonstrated analytical and diagnostic skills
▪ Knowledgeable in reviewing third-party security controls and relating them to data classification standards
▪ Versed in reviewing third-party audit reports, such as SOC 2, and penetration tests
▪ Working with and executing in the RSA Archer eGRC platform, including mastery-level use of Excel export/import functions
▪ Versed in technical acumen related to IT Hygiene and vulnerability management
▪ Excellent at communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise business terms
▪ Experience with third party risk management evaluations, breach management strategies, a working knowledge of controls, and information security contract requirements.
▪ Bachelor’s degree in Computer Science, Business Administration, or 5-7 years of equivalent experience in information security governance concepts

▪ Complete third-party assessments, including review of third-party controls and audit reports, such as SOC 2 and penetration tests
▪ Third Party breach notification assessment and management
▪ Log assessment review issues in the eGRC tool and track through to remediation
▪ Communicate program processes to stakeholders
▪ Train stakeholders (including Supplier Relationship Managers) on program processes
▪ Review proposed updates to Information Security Requirements (ISRs) to determine appropriate risk coverage
▪ In partnership with Procurement, address/resolve information security requirements for contracts