Program Manager, Security III
1701 John F Kennedy Blvd Philadelphia, PA 19103
A Global Media Company is seeking an Information Risk & Governance Analyst & Program Manager to join their team in Philadelphia, PA!
Job Title: Third Party Security Assurance – Information Risk & Governance Analyst & Program Manager
The Third Party Security Assurance Information Risk & Governance role will support requirements to ensure adherence to data governance framework for data policies, standards and practices, while achieving quality and protection requirements needed for expanded security and privacy objectives. This role will participate on the Third Party Security Assurance function serving in a Data Governance role while working closely with the Third Party Security Assurance team leader to ensure vendor security objectives as they relate to privacy objectives are achieved.
The Third Party Security Assurance Information Risk & Governance role will be responsible for performing security assessments focusing on privacy requirements such as CCPA (California Consumer Privacy Act), coordinating vendor inventory assessments, and driving remediation of findings from completed assessments. Additional responsibilities include responding to daily inquiries through a shared mailbox, ensuring third party engagements are properly decommissioned, reporting, meeting with key stakeholders, process documentation, writing requirements for process enhancements and conducting User Acceptance Testing. The ideal candidate should have worked in a Third Party Risk Management role to be an effective contributor. The individual delivers outcomes, longer-term improvements, and benefits in support of the organization's goals.
- Participate in Third Party risk rating and privacy scope discussions with Relationship Managers to ensure privacy risk is properly documented.
- Conduct security assessments of third parties through defined processes and tools, and identify Findings where controls don’t measure up to Information Security Requirements.
- Evaluate Third Party security posture through tools and partnerships, share results with Third Parties and utilize the intelligence gathered during the assessment process.
- Drive remediation of Findings related to completed Third Party security assessments. Document risk exceptions when necessary and ensure they obtain proper approval.
- Ensure Third Parties are properly decommissioned during the termination process to remove residual risk.
- Ensure processes are properly defined and formally documented for consistent execution.
- Participate in creating Business Requirements and User Acceptance Testing for enhancements to current tools such as ServiceNow.
- Meet with key stakeholders to the program to ensure continued partnership.
- Create weekly, monthly and ad hoc reports as needed to represent Key Performance and Risk Indicators as they apply to the Third Party Security Assurance and Privacy program.
- Identify opportunities for process improvements to deliver increased operational efficiency in the process.
Education Level: Bachelor's Degree or Equivalent
Field of Study: Information Sciences, Technology
Certifications: CISSP, CRISC, CISM, CISA, or CTPRP (preferred)
Years of Experience: Generally requires 4+ years of related experience.
- MS Office, Visio
- ServiceNow Vendor Security module knowledge a plus
- Proficient verbal and written communication skills, including the ability to effectively lead discussions and meetings
- Proficient risk assessment, analytical and negotiation skills.
- Excellent organizational skills
Kaztronix is an equal opportunity employer and does not discriminate on the basis of race, color, national origin, sex, age, religion, disability, veteran status or any other consideration made unlawful by federal, state or local laws. In addition, all human resource actions in such areas as compensation, employee benefits, transfers, layoffs, training and development are to be administered objectively, without regard to race, color, religion, age, sex, national origin, disability, veteran status or any other consideration made unlawful by federal, state or local laws.