Cyber Security Pre-Assessment Risk Analyst

The Third Party Cyber Assurance (TPCA) function within Global Information Security is responsible for oversight of third party security programs, including assessing third party security programs and maximizing protections for all aspects of security for the third party landscape. The TPCA Pre Assessment Risk Analyst team member will assist in assessment scope determination, meeting with Enterprise Vendor Managers and Third Party Subject Matter Experts (SME’s) to prepare them for the assessment, documentation collection (e.g. TruSight or vendor provided policies/procedures) and preparation of assessment work-papers.

Your primary responsibility will be to ensure each third party is prepared for the assessment and gather an understanding of the third party security risk environment. You will interact regularly with Enterprise Vendor Managers and Third Parties and act as single point of contact to prepare the Third Party for the assessment and while answering detailed risk questions. You will engage with the Third Parties security team to understand their control environment, control strength, and review information security policies/procedures for completeness.

Based upon your meetings, you will populate the assessment workpapers with detailed information for the third party assessors to document gaps and determine remediation approaches. Success in this role requires persistence, intellectual curiosity, and sound judgement – the ability to move beyond initial responses, challenge incomplete information, and continue probing until risk is clearly understood, documented, and addressed.   

• 2+ years in Information Security, Risk Management, or related discipline

• Exhibits a consistent investigative, risk focused mindset

• Outstanding verbal and written communication skills

• Strong analytical and critical thinking abilities with a logical, structured problem-solving approach

• Resilient, disciplined, and self-directed

• Ability to engage, challenge, and collaborate effectively with business and non-technical owners 

• Strong growth mindset with a willingness to expand risk and technical knowledge

• Ability to manage competing priorities and shifting timelines without compromising quality.

• Bachelor’s degree in Information Technology, Information Security or related field

• Optional Certifications: CISSP (ISC2), CISA, CRISC, CISM (ISACA), CCIE (Cisco), TOGAF, CCTA (McAfee), CCFP (ISC2).

This job will be open and accepting applications for a minimum of seven days from the date it was posted.