Position Summary:
Inmar Intelligence is seeking a skilled and detail-oriented Third Party Risk Analyst to join our team. As a Third Party Risk Analyst, you will play a critical role in safeguarding our organization by assessing and managing the cyber risks associated with our third-party vendors and suppliers. You will work closely with various departments to identify, evaluate, and mitigate potential vulnerabilities and threats.
Responsibilities:
Risk Assessment: Conduct thorough assessments of third-party vendors and suppliers to identify potential cyber risks, including data breaches, unauthorized access, and other security incidents.Vendor Due Diligence: Perform due diligence on prospective vendors, evaluating their security practices, incident response plans, and compliance with relevant regulations (e.g., HIPAA,General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), etc.)Supply Chain Risk Management: Assess and manage risks associated with the use of 3rd party software, hardware, and services, with focus on full-stack Bill of Materials (BOM) analysis.Risk Mitigation: Develop and implement risk mitigation strategies to address identified vulnerabilities, such as requiring specific security controls or certifications from vendors.Contract Review: Review contracts with third-party vendors to ensure that appropriate security clauses and indemnification provisions are in place.Monitoring and Reporting: Continuously monitor the cyber security posture of third-party vendors and report on any significant changes or risks to management.Incident Response: Assist in coordinating incident response efforts when a security breach occurs involving a third-party vendor.Awareness and Training: Educate employees on the importance of third-party risk management and provide training on how to identify and report potential security threats.Stay Updated: Stay informed about emerging cyber threats, industry best practices, and regulatory requirements related to third-party risk management.Qualifications:
Bachelor's degree in computer science, information security, or a related field.3+ years of experience in cyber security or risk management.Strong understanding of cyber security principles, including network security, application security, and data privacy.Experience with vendor risk assessment frameworks and methodologies.Knowledge of industry standards and regulations (e.g., ISO 27001, NIST Cybersecurity Framework).Excellent analytical and problem-solving skills.Strong communication and interpersonal skills.Ability to work independently and as part of a team.Preferred Qualifications:
Certification in cyber security, such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA).Experience with security information and event management (SIEM) tools.Familiarity with cloud security and infrastructure as a service (IaaS).Experience with BOM tools, such as OWASP CycloneDX.Additional Notes:
This position may require occasional travel to meet with vendors or attend industry conferences.The candidate must be able to work in a fast-paced environment and adapt to changing priorities.By joining our team as a Cyber Third-Party Risk Analyst, you will have the opportunity to make a significant impact on our organization's security posture and protect our valuable assets.
Individual Competencies:
Integrity: Gains the trust of others by taking responsibility for your own actions and telling the truth.Teamwork: Builds relationships and works cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.Curious: A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.Analytical and Critical Thinking: Ability to tackle a problem by using a logical, systematic, sequential approach.Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.While performing the duties of this job, the associate is:
Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.
As an Inmar Associate, you:
We are an Equal Opportunity Employer, including disability/vets.