Security Engineer Risk

A prestigious company is on the search for a Security Engineer Risk. This individual will be doing third party evaluation of Cyber Risk. They are looking for someone who has at least 3+ years of experience with Third Party Risk Assurance or Audit. They want someone with an Audit background that includes familiarity with SOC I and SOC II, and ISO 27001.

The Security Engineer III will be responsible for assessing, overseeing and facilitating cyber risk activities, including:

• Assisting Businesses and coordinating with Procurement risk teams to facilitate risk identification and assessment for Third Party products/services during the on-boarding process (Third Party Evaluation).
• Project manage and executing on-going risk assurance activities including re-completion of Cyber Assurance activities and oversight of Businesses to ensure continued compliance with TPRA requirements.
• Project manage the enterprise TPRA service, requirements, procedures, technology, tools and templates.
• Providing stakeholder guidance throughout the TPRA life cycle (Third Party Evaluation: Pre-Contract and Third Party Assurance: Post Contract) as well as facilitating escalations regarding identified third party related exceptions or events.

How you will make an impact:

• Execute cyber assurance activities on behalf of the business and ensure coordination of efforts in a timely manner. This includes, but is not limited to leveraging external security reports, performing remote or on-site deep dive security control evaluation and independent report evaluation.
• Actively monitor the exception management activities performed by the Business to ensure timely remediation or acceptance of identified exceptions.
• Ensure businesses and TPRA stakeholders receive training regarding Company's TPRA capabilities, procedures and requirements.
• Perform Quality Control (QC) and Quality Assurance (QA) on TPRA activities completed throughout the life cycle.
• Oversight of third party data integrity and source of truth management within the TPRA Tool.
• Management and administration of TPRA procedures, tools and corresponding support materials.

What we're looking for:

• Bachelor's Degree or equivalent work experience
• 3-5 years of experience in Third Party Risk Assurance or audit required (remote or on-site)
• Deep knowledge of cyber security principles and best practices (industry certifications preferred)
• Audit background, including familiarity with SOC I (SSAE16 ) and SOC II, ISO 27001, etc. preferred
• Knowledge of insurance industry preferred
• Third Party Risk Assurance service design and execution experience preferred