Qualifications:

• CISA, CISM or ISO 27001 Lead Auditor
• Has 7+ years of experience in IT/Financial Audit and/or IT risk assessment activities.
• Has at least 2+ years of people management experience.
• Experience in troubleshooting general computing controls for desktop, information, and network security.
• HIPAA Risk Assessments & security control frameworks like ISO27001/NIST

Responsibilities:

• Provide day to day team leadership for third party supplier security risk assessment and remediation analysts
• Contribute to employee coaching, development, and performance reviews
• Lead assessment of various workstream
• Communicate performance results to leadership
• Develop and/or contribute to training programs to support program implementation and operations
• Track analysts’ quality and SLAs in assessments and remediation
• Present and understand key operational and risk metrics to internal stakeholders and other business partners
• Lead collaboration efforts with internal stakeholders on projects and objectives for process improvement
• Work directly with the supplier management office on escalations
• Perform peer reviews and provide guidance to analysts on their assessments and remediation
• Research and analyze supplier profiles
• Conduct discovery calls with suppliers and internal stakeholders
• Work with peers and management to identify information security risks to move to remediation
• Escalate any assessments to internal stakeholders and management in a timely manner
• Able to support and handle risk assessments activities end to end from determining tier, workstream to assessment and remediation closure
• Collaborate with internal stakeholders and management for any delays and escalations during the remediation process
• Review supplier’s supporting documentation to close remediation records
• Develop and guide a group of analysts in skills or career development
• Enable business partners through insights for process and programs developments