Sr. Third Party Risk Analyst

Job Description

Position Purpose & SummaryThe primary role of this position is to support business operations usage of third parties to provide services by analyzing the risk inherent in the business activity and the supplier s services and providing guidance to manage the risks to an acceptable level and fulfilling enterprise obligations to regulatory requirements. E.g. PII, PCI, HiTech, HIPAA, Intellectual Property and Current Technologies including Application Assessment and Cloud Technology security .This role will serve as a subject matter expert to Platforms / SSC and the Business Units in relation to the key technology frameworks e.g.; OWASP, NIST, ISO, ISF, COBIT, ITIL, CSL etc., requirements around the use of technology and management of electronic information.This role will conduct and lead independent risk assessments of the services provided by potential or current third parties and perform periodic verification of compliance to specific scope and core requirements. The Technology Third Party IT Risk Analyst will assist the Platform / SSC Technology Risk & Control teams in this activity through provision and education in process and tools and reporting.This role shall also act as a lead at CBS for third party risk management, guiding, coaching stakeholders on third party risk management. This role shall also coordinate with the Enterprise Risk Managers to ensure third party risks identified are managed and controlled effectively. This role shall also lead and perform on-site third party risk assessments as required Principal Accountabilities Act as a Third Party Risk analyst lead at CBS

• Coach and train key stake holders on Third Party Risks and TPRA process
• Train and enable third party risk analysts joining the team on the process
• Enable process automation as applicable to enhance efficiency and effectiveness
• Initiate and contribute to Security Awareness across CBS

Lead and conduct Enterprise Third Party risk assessments including

• Perform and support the Platforms / SSCs in the identification and management of Third Party risks.
• Perform and support the Platforms / SSCs in the identification and management of regulatory requirement in Third Party services.
• Demonstrate excellent working relationships with IT and business management.
• Maintain an understanding of the IT systems environment and organizational structure. Bland Provide consultative services regarding
• Ad-hoc risk management advice aligned to Cargill requirements and industry frameworks, and best practices.
• Preparation in supplying the information to substantiate regulatory compliance.
• Contribute to the drafting and maintenance of TGRC Third Party Risk Management AND regulatory requirements related policies, standards, procedures and guidelines.
• Execute proactive reviews and projects designed to identify and remediate strategic IT risk issues.
• Able to communicate calmly, effectively and authoritatively, including in a crisis.

Identify improvement opportunities for the Third Party Risk Assessment practice and services

• Assess management of vulnerability program for the scope of services.
• Assist with development of IT risk management-related training materials and various other written reports.

, Education, Experience, Skills Required Qualifications

• 5 years of I/T Experience
• 2+ years experience in management of Third Party service relationships
• Working knowledge of regulatory requirements. Examples including but not limited to; PII, PCI, HiTech, HIPAA, Intellectual Property
• Working knowledge of industry security standards and frameworks e.g. OWASP, NIST, ISO, ISF, COBIT ITIL, Cloud Security Alliance etc.
• Ability to complete tasks and deliver professionally written reports for clients
• Ability to present findings to technical staff and executives
• Strong ethics and understanding of ethics in business and information security
• Proficient English language written and oral communication skills
• Strong analytical and problem solving skills
• Excellent interpersonal/communication and presentation skills
• Solid problem solving abilities
• Logical thinker, step oriented problem solving

Preferred Qualifications

• Degree in either Computer Engineering, Computer Science, or Information Systems Management
• Possess current security certifications (e.g., CISSP, CEH)
• Audit Experience
• Basic knowledge/understanding of network functionality
• Basic knowledge of Web Services and Server environments
• Basic knowledge of Application Security and Code Technologies
• Business and financial acumen

Keyskills :
underwriting riskmanagement finance risk itrisk webservices riskanalysis cloudsecurity businessunits problemsolving riskassessment enterpriserisk technologyrisk ep ting inf mationsystemsmanagement