Long Island City, NY, 11120, USA
1 day ago
Analyst, Cybersecurity
**Description**

Member of the Enterprise Cybersecurity and Risk team with responsibility for execution of the TPRM (third-party risk management) program. Perform cyber risk-based assessments which document key risk areas for third-party vendors. Work with both internal Cybersecurity and Vendor points of contact to develop remediation plans and track resolution status.

**Job Responsibilities**

+ Partner with program leads to identify vendor due diligence requirements and ensure vendor inventory and status is kept up to date
+ Able to review vendor due diligence materials (i.e., SOC1/SOC2, Vulnerability Scan, ISO 27001, etc.) and identify potential risks
+ Familiarity with the difference between SaaS and COTS based applications and the unique risks of each
+ Awareness of emerging cyber threats including zero-day vulnerabilities and supply chain related risks
+ Able to understand details of vendor's cyber security program and identify where gaps exist with internal company policy requirements
+ Ability to perform root cause analyses on issues identified and clearly articulate to a less technical user
+ Identify potential vendor related issues and follow up with internal stakeholders and external vendor to develop remediation plan for unresolved issues
+ Able to triage use cases and prioritize risk based on scope and impact
+ Produce risk assessment reports and work with vendors to implement remediation responses
+ Work with brands, procurement, supply chain, R&D and others to document specific use cases and third-party engagements
+ Work with program lead and legal/privacy team to identify required contract security provisions to remediate risks identified in vendor assessment
+ Experience with industry-recognized Cyber, Privacy, Governance, Risk and Compliance (GRC) applications
+ Experience with Shared Assessments (https://sharedassessments.org/) methodology including use of their Standardized Information Gathering (SIG) questionnaire
+ Professional verbal and written communications
+ Able to develop effective relationships with all levels of internal and external stakeholders

**Qualifications**

+ CTPRP/CISSP/CISM/CRISC certification or equivalent desired
+ Experience in Information Technology and Cyber Security highly desired
+ Internal Audit related experience a plus
+ Bachelor's Degree (preferably in Information Technology or Cyber Security) or equivalent work experience
+ Skills: IT Audit, Risk Assessment, Cybersecurity, SOX compliance, GxP Compliance, SOC1, SOC2, ISO 27001 certification