Information Risk Consultant

This job is no longer active!

Employer: MassMutual Romania
  • IT Software
  • Job type: full-time
    Job level: over 5 years of experience
  • Cluj Napoca
  • Updated at: 26.09.2021
    Short company description

    To position MassMutual as a market leader for the next stage of growth, it is critical that we build top engineering capacity in a rapidly changing digital world. Romania has a significant pool of highly trained engineering professionals and so we are very excited to build operations in both Bucharest and Cluj.


    ▪ Ability to manage multiple tasks and perform work with a reasonable level of supervision
    ▪ Demonstrated analytical and diagnostic skills
    ▪ Knowledgeable in reviewing third-party security controls and relating them to data classification standards
    ▪ Versed in reviewing third-party audit reports, such as SOC 2, and penetration tests
    ▪ Working with and executing in the RSA Archer eGRC platform, including mastery-level use of Excel export/import functions
    ▪ Technical acumen related to IT hygiene and vulnerability management
    ▪ Excellent communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise business terms
    ▪ Experience with third-party risk management evaluations, breach management strategies, a working knowledge of controls, and information security contract requirements
    ▪ Bachelor’s degree in Computer Science, Business Administration, or 5-7 years of equivalent experience in information security governance concepts


    ▪ Complete third-party assessments, including review of third-party controls and audit reports, such as SOC 2 and penetration tests
    ▪ Third-party breach notification assessment and management
    ▪ Log assessment review issues in the eGRC tool and track them through to remediation
    ▪ Communicate program processes to stakeholders
    ▪ Train stakeholders (including Supplier Relationship Managers) on program processes
    ▪ Review proposed updates to Information Security Requirements (ISRs) to determine appropriate risk coverage
    ▪ In partnership with Procurement, address/resolve information security requirements for contracts