• Ensure third-party supplier's compliance to business requirements - business agreement, policies, procedures, and regulations
• Lead third-party supplier security risk assessment and remediation activities
• Research, understand and analyze information security risks applicable to a supplier
• Conduct discovery call and perform risk-based assessment
• Review evidence and supporting documentations from the supplier
• Communicate identified security gaps, provide recommendations, and monitor/track progress until its completion
• Collaborate with internal stakeholders and management for any process deviations, delays, or escalations
• Oversee and supervise assigned analyst’s work to ensure risk assessment and remediation activities are carried out effectively and efficiently
• Perform reviews of risk assessment documentation and remediation completion
• Attend and observe risk assessment and remediation meetings
• Provide support, guidance and assistance to any inquiries, concerns, or challenges
• Track completion and ensure that SLA is met
• Assist with the execution of the Information Risk Governance program
• Participate in solving complex problems, address issues and challenges
• Develop or support solutions for process improvement
• Contribute to training program implementation
• Lead or participates on special projects
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
  

• Certifications: Sec+, CISA, CRISC, CISM, ISO 27001 Lead Auditor, ISC2 CC
• 5+ years of experience in IT or IS compliance/audit
• Solid communication (listening, verbal, written) and presentation skills
• Advance level experience in MS Office 365
• Ability to develop effective relationships with team members, suppliers, and internal stakeholders
• Knowledge and understanding of different security products (MFA, encryption, threat & vulnerability, antivirus, network protection, etc.)
• Knowledge or working experience with various compliance frameworks and regulations like HITRUST, ISO 27001, SOC 2 Type II, PCI DSS, NIST, etc.
  
  

Please refer to job description.