Third Party Security Analyst (Suffield)
Compensation: $71,240.00 - $190,210.00 /year *
Employment Type: Full-Time
Industry: Information Technology
Job Description: We are seeking a Third Party Security Risk Assessment Analyst to join the team.
The Security Analyst is an expanding role and entails driving a Third Party risk assessment process that is being rolled out globally. The role includes conducting 3rd party information security risk assessments, negotiating AXA XL security contract terms into contracts, managing the portfolio of third parties they have reviewed, including entities that have not met requirements, and serving as the subject matter expert in assisting adoption and execution of Third Party security risk processes within AXA XL holistically.
Essential Job Responsibilities: As part of the Global Information Security Risk team, the professional in this role must:
Participate in assessment of Third Party security risk, develop mitigation plans and partner with internal stakeholders to manage non-compliances
Help ensure strong oversight of all third party security risks in your portfolio and provide stakeholders and business partners visibility of existing and emerging risks
Prepare and complete security risk assessments and assist with policy, regulatory and accreditation audit preparation
Drive towards a common and consistent Third Party security risk management program to effectively manage AXA XL data (intellectual or physical asset) risk as introduced by the hosting, handling or direct connectivity by a third party to AXA XL, in accordance with the AXA XL information security policy and regulatory requirements
Provide guidance to the business, procurement and other stakeholders to ensure requirements of Third Party Security risks and assurance requirements are fully understood
Support development and execution of a robust communication and training plan to facilitate the effective application and awareness of Third Party security assurance
Monitor security control gap non-compliances for entities in portfolio, and facilitate stakeholder involvement in control gap resolution, including development, legal documentation in contract and communication of corrective action plans with completion dates
Stay informed about the latest developments in the Third Party security/Data risk governance field
Position Requirements: We're looking for someone who has these abilities and skills:
Strong English written and verbal skills mandatory
Ability to manage process workflow participants' expectations; conflict resolution and project management skills are critical to success
Verbal negotiation skills are a plus
Ability to work effectively with and contribute to a close-knit team while also being a self-starter is critical to success
Ability to prioritize among competing priorities
Organizational skills and the ability to manage multiple reviews and tasks at the same time are essential
Research and development skills in all areas of information security are essential. A detailed understanding of CISSP CBK, ISO 27001/2:2013 and associated Global Data Regulations is a plus
Understanding the security impact and implementation of the triad (Confidentiality, Integrity, and Availability) on company networks, the appropriate risk model to present to business management, and how to negotiate protective language into contracts are key ingredients to this position
Ability to communicate with upper management/executive level, lawyers, information security and non-IT colleagues as well as Third Party contacts is a must.
Multiple languages a plus: English plus German, French, Spanish, etc.
Excellent technical writing skills
Information Security or IT background is helpful, along with other related practical experience, which should include a working knowledge of some if not all of the following security services and tools:
o CISSP Domains and knowledgebase
o ISO 27000 suite of standards
o Vulnerability scans
o Ethical hack/penetration tests
o Intrusion prevention systems/intrusion detection systems
o Firewall technologies
o Cloud security
o Access control
o Data loss prevention
o Microsoft Office
Associated topics: identity, identity access management, idm, information assurance, information security, malicious, protect, security officer, violation, vulnerability
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.