GRC - Third Party Risk Specialist – Remote
Location: Brazil
Job Description for Third Party Risk Specialist
Requirements
• 1-5 Years of Information Security Experience
• Speaks English, Spanish, and Portuguese
This role, part of the GRC (Governance, Risk, and Compliance) team in the Information Security Department, involves collaboration with Legal, Purchasing
Responsibilities include:
• Third-Party Risk Assessment: Conduct risk assessments of third-party vendors to ensure they meet security requirements and standards.
• NIST Attestation Review: Review and ensure compliance with NIST (National Institute of Standards and Technology) standards and attestations.
• Risk Communication: Communicate risk assessment findings to team owners, custodians of information risk, business partners, and information governance and security teams.
• Risk Management Advice: Provide advice to information governance or security teams to enable informed risk management decisions.
• Control Implementation: Identify and facilitate the implementation of appropriate controls to effectively manage information risks.
• Risk Posture Improvement: Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks, and assess residual risk.
• Relationship Management: Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
Key Qualifications
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
• Ability to identify and assess the severity and potential impact of risks, and communicate findings to risk owners outside the cybersecurity program to drive objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance.
• Understanding of organizational mission, values, goals, and consistent application of this knowledge.
• Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
• Ability to apply original and innovative thinking to produce new ideas.
• Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Strong problem-solving and troubleshooting skills.