GRC Third-Party Risk Specialist - 100% Remote
Candidate Location – Brazil
Employment Type: 12 months plus contract
Start date – DOE
Job Description
Requirements
1-5 Years of Information Security Experience
Speaks English, Spanish, and Portuguese
This role, part of the GRC (Governance, Risk, and Compliance) team in the Information Security Department, involves collaboration with Legal, Purchasing, and other departments at Nissan-Americas. Responsibilities include:
* Third-Party Risk Assessment: Conduct risk assessments of third-party vendors to ensure they meet security requirements and standards.
* NIST Attestation Review: Review and ensure compliance with NIST (National Institute of Standards and Technology) standards and attestations.
* Contract Review: Review legal contracts between Nissan and vendors to ensure security requirements are met.
* Risk Communication: Communicate risk assessment findings to team owners, custodians of information risk, business partners, and information governance and security teams.
* Risk Management Advice: Provide advice to information governance or security teams to enable informed risk management decisions.
* Control Implementation: Identify and facilitate the implementation of appropriate controls to effectively manage information risks.
* Risk Posture Improvement: Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks, and assess residual risk.
* Relationship Management: Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
Key Qualifications
* Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
* Ability to identify and assess the severity and potential impact of risks, and communicate findings to risk owners outside the cybersecurity program to drive objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance.
* Understanding of organizational mission, values, goals, and consistent application of this knowledge.
* Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
* Ability to apply original and innovative thinking to produce new ideas.
* Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
* Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
* Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
* Strong problem-solving and troubleshooting skills.