Vendor Risk Management Platform

Third Party Risk Senior Analyst

$90k – $125k • 0.25% – 0.5%
Job Summary:

The position will be primarily responsible for assessing the information security posture of clients’ third parties and coordinating the overall execution and delivery of assessments. The position will be responsible for leading the effort to identify key risks and information security gaps. Projects will be performed by interacting with Privva clients, as well as the clients’ vendors, service providers, and partners. Specific projects may include:

- Coordinating the schedules and assessments for Privva clients and overseeing all aspects of completion of the third-party security assessment.
- Performing due diligence on an individual third-party relationship to assess the technology and other business-related risks.

Job Responsibilities:

- Develop, coordinate, plan and execute security assessments of Privva’s clients’ third-party vendors, focusing on compliance with regulations, company policies, and internal controls.
- Document assessment template, follow up on outstanding deliverables, and score the assessment with an overall risk rating.
- Review internal and external security and technical test reports (audit, vulnerability and penetration test results, business resiliency plans, etc.) to validate the effectiveness of operational controls.
- Facilitate and manage risk assessments and/or security initiatives from communication, approval and report distribution to key stakeholders, business units and management.
- Compose assessment report containing findings and recommendations and present to Privva clients.
- Ensure that potential issues are raised promptly to senior management with a view to identifying options to mitigate risk.
- Develop risk mitigation plan and strategy to be communicated to third party and ensure timely and satisfactory remediation.
- Demonstrate strong customer service skills throughout the assessment process.
- Identify enhancements and process efficiencies to keep the assessment program in line with best practices.
- Perform other duties as assigned.

What we look for in all team members:

- Self-starters: Are you customer focused, do you execute well, and do you have a sense of urgency? We are all here to support our customers and help them make better decisions by using data. Do you take ownership and pride in your work?
- Analytical: Numbers matter. Can you build and present a case by being pragmatic? Are you passionate about how we can help reduce cyber incidents for our clients?
- Technology natives: We are helping to save time and improve outcomes through artificial intelligence. Are you comfortable using technology? Talking to engineers?
- Team player: We are growing. Can you mentor less experienced team members? More experienced team members? Do you set context extraordinarily well when you communicate? Do you want to be part of a culture where you will hold yourself accountable to the question – did I do my best every day and on every project, while contributing to our clients?
- Performance task: Do you shine in your interview by demonstrating sample work that you have done in the past and that relates to the role you are applying for?


- Excellent communication skills both verbal and written and ability to interact confidently with internal clients, external third parties, Auditors and Regulators.
- Ability to work both independently and as part of a team at all levels and across departments.
- Technology risk or security certification such as CISSP, CISM, CISA, CRISC or equivalent certification
- Ability to work in a fast paced environment and multi-task.
- Successful candidate should be proactive, self-motivated, and highly professional, with outstanding customer relationship skills.
- Knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, or Physical Security or Business Resiliency.
- Knowledge in IT support, especially a Networking background to include experience with Network Devices, Servers, Routers, Switches and Firewalls.
- Familiar with assessment frameworks/standards (i.e. ISO/27000 Series, BITS SIG/SAS-70/SSAE-16, COBIT/SOX IT Control Testing, NIST, PCI-DSS)
- Ability to analyze documents and determine risks and process controls.
- Excellent knowledge of corporate policies and procedures and the regulatory environment.
- Ability to prioritize and organize work.
- Flexibility with work schedule and/or job requirements
- Proficiency with Microsoft Word, Excel, PowerPoint, Outlook and other PC desktop applications.


- Bachelor’s degree or equivalent combination of education and experience required.

- Two (2) years previous compliance, audit, or risk management experience required.

Privva at a glance

Privva focuses on Risk Management, Cyber Security, and Legal Tech. The company has offices in Baltimore and Arlington and a small team of 11-50 employees.

You can view their website at http://www.privva.com
