Third-Party Cyber Risk Analyst

The Third-Party Cyber Risk Analyst will join the global effort in driving Alcority’s Third-Party Cyber Security Risk Management program in identifying, assessing and managing the risks to Alcority and associated Enterprise companies.  As a member of the IT Risk and Compliance team and part of the Office of the CISO, this role will be critical in maturing the current Third-Party risk program and creating/building new processes and as part of an effort to grow our security maturity across our portfolio of companies.  The ideal candidate for this position is a proven thought leader, problem solver and integrator of people and processes, as well as an effective internal consultant. Reporting to the Third-Party Cyber Risk Lead, this role will work alongside the broader Technology and Security teams to assess and quantify the risk presented by third parties in use across the group.  This will include, but not be limited to pre-contract cyber diligence for portfolio company vendor and third-party relationships, risk identification and mitigation planning based on third-party risk profile. To be successful in this role, you will need to be a self-starter, ready to dig into new vendors/third-parties, be thorough in your evaluation of the security posture of these potential third-party partners, and clearly convey any risks. This role will be responsible for identifying, evaluating, and reporting on third-party information security risks across the portfolio, and will work with our portfolio companies to assess their third-party risks, communicate those risk, and on an ongoing basis perform risk assessments of new vendors and third-parties requested by the business.

Responsibilities:

• Lead risk/security assessments of suppliers and Third Parties to identify, validate, and remediate Cybersecurity Risks. Plan, coordinate, and lead onsite assessments of Third Parties against Alcority’s security framework and industry security standards.
• Support ongoing monitoring of Suppliers and Third Party to review compliance against compliance and regulatory requirements.
• Identify, prioritize, and pursue opportunities to enhance Alcority's TPRM processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness. Contribute towards process improvement of team processes, templates, and tools.
• Develop trusted relationships with Business Partners, portfolio and group company IT Executives, Security & Compliance Officers, and other teams.
• Be up to date on the broader regulatory landscape affecting Alcority’s group business areas, remain current with emerging regulatory sentiments as well as solution trends in the marketplace.
• Collaborate with internal partners and third parties to identify, track, and provide recommendations on mitigating third party risks.
• Provide strategic cybersecurity third-party risk advisory and compliance expertise for portfolio and group companies, ranging from security assessments to policy definition/adoption.
• Document current state of existing Third-Party Risk Management processes including controls, processes, and technologies and deliver key findings and recommendations.
• Develop implementation strategies and roadmaps to help our portfolio and group companies implement Third-Party Risk Management and onboard them to the Alcority processes.

Requirements:

• 3 years of proven working experience in operational risk management, information security, cyber security, IT Audit, crisis management, security standards/ assessments, or risk management in a Big 4 or similar organization.
• At least 1 years of proven working experience focused on supply chain or third-party risk management.
• Experience in a customer/client-facing environment delivering products, providing presentations, and running client status meetings.
• Solid understanding of risk management concepts, particularly related to third party risk management, information security, IT general controls, and basic audit terminology and concepts.
• Attention to detail, sound judgement, logical thinking, and proven ability to drive tasks to completion, meet deadlines in a fast-paced environment, and adapt to changing business environment with periodic supervision.
• Demonstrated professional communication and client relationship skills.
• Experience reviewing the work of outsourced providers and team members to ensure that assessment reports and quality of overall product to the end consumer is professional and accurate
• Ability to effectively manage multiple tasks simultaneously.
• Understanding of compliance, fraud, and risk mitigation frameworks; NIST, ISO, NERC CIP.

Education:

• Bachelor’s degree with cyber, IT management, or strong technical focus required (e.g., information technology, computer science, management information systems).
• Certification in security or risk management (CTPRP, CRISC, CISA, CISM, or similar) preferred.

It is impossible to list every requirement for, or responsibility of, any position.  Similarly, we cannot identify all the skills a position may require since job responsibilities and the Company’s needs may change over time.  Therefore, the above job description is not comprehensive or exhaustive.  The Company reserves the right to adjust, add to or eliminate any aspect of the above description.  The Company also retains the right to require all employees to undertake additional or different job responsibilities when necessary to meet business needs.

Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Benefits & Perks:

• Time Off:  25 days of PTO for full-time employees and 12 company holidays.

• Company Paid Benefits:  Life insurance, Short-term disability, Long-term disability, Paid parental leave, Employee Assistance Program, and medical insurance in our high deductible health plan.

• Optional Employee Paid Benefits: Medical insurance in our EPO plan, Dental benefits, and Vision benefits. We also offer Health Savings Accounts, Flexible Spending Accounts, Supplemental Life insurance, and more.

• 401(k): Eligible after 60 days. Discretionary company match of 50% up to the first 6% of contributions.

EQUAL OPPORTUNITY EMPLOYER

ALCORITY IS AN EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER. THE COMPANY'S POLICY IS NOT TO DISCRIMINATE AGAINST ANY APPLICANT OR EMPLOYEE BASED ON RACE, COLOR, RELIGION, NATIONAL ORIGIN, GENDER, AGE, SEXUAL ORIENTATION, GENDER IDENTITY OR EXPRESSION, MARITAL STATUS, MENTAL OR PHYSICAL DISABILITY, AND GENETIC INFORMATION, OR ANY OTHER BASIS PROTECTED BY APPLICABLE LAW. THE FIRM ALSO PROHIBITS HARASSMENT OF APPLICANTS OR EMPLOYEES BASED ON ANY OF THESE PROTECTED CATEGORIES.