SSRM (Supplier Security Risk Management Assessor)
Candidate must have valid visa to work in Ireland (Stamp 4/EU Passport)
Location: Ireland.
Job type: Contract/Fully Remote.
Overview of the role:
Our client is looking for a risk assessor role with passion for assessing and aligning security controls to industry best practices and internal security standards. Must possess strong experienced in risk mitigation. Additional auditing and risk management skills and experience a plus.
Responsibilities:
- 10+ years of experience in a 3rd Party (supplier/vendor) risk assessor.
- Coordinating and performing Supplier Security Reviews.
- Ability to manage multiple concurrent complex supplier assessments and related program projects at the same time.
- Performing supplier documentation review, and analysis.
- Must be able to present/showcase achievements and progress on active projects with teammates.
- Ability to effectively identifying and measure the risk and maturity of a vendor's IT security controls.
- Proven experience in Managing security assessment review including operational, systems and applications.
- Documenting and keeping track of findings associated with suppliers and tracking them to resolution.
- Solid understanding for cloud security architecture and computing environments.
- Writing detailed supplier assessment reports based on completion of risk analysis and triaging.
- Ability to derive context from SSAE18 SOC1 and SOC2 reports, policy documents, pen test reports, architecture diagrams and other control evidence documents.
- Strong understanding of risk frameworks like ISO and NIST
- Understand compliance requirements related to HIPAA and PCI-DSS and other regulations.
- Thorough understanding of data privacy legislation, such as GDPR and other country specific Data Privacy Regulations.
- Must have 5 years of hands-on working knowledge of GRC or vendor risk management tools like Process Unity and One Trust.
- Must have 2-3 years' experience using Security Rating Services like Black Kite, BitSight, Security Scorecard or RiskRecon.
- Must have hands-on knowledge of collaboration productive tools like MS Team, SharePoint, and OneDrive.
- Hands-on use of Standardized Information Gathering (SIG) questionnaire and/or other industry standard security questionnaires to perform an initial assessment of vendors, gathering information to determine how security risks are managed.
- Strong ability to multi-task day-to-day and collaborate with business unit, privacy and procurement leads.
- Have proven analytics skills and a strategic mindset for mitigating risk.
- Effective written and verbal communication skills are required (English and Local Language Support).
- Must be a high-energy individual with a go-getter attitude.
Candidate must have valid visa to work in Ireland (Stamp 4/EU Passport)