Third Party Risk Assessor
Gravity IT Resources
To Apply for this Job Click Here
Job Title: Third Party Risk Assessor
Location: Remote
Job-Type: Contract
Referral Fee: $800
Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).
Position Overview:
Gravity is looking for Third Party Risk Assessor to spearhead our client’s efforts to evaluate third party vendors.
The successful candidate will possess 5+ years of experience in third party risk assessment. Comprehensive knowledge of regulatory frameworks (ISO 27001) is also required.
Our client is a leading climate controlled solutions organization. They focus on moving refrigerated items and perishables around the world. The organization puts sustainability top of mind, working to provide these solutions while maintaining a better planet. They have made a commitment to investing in technology and staying cutting edge with the technologies they select.
Duties & Responsibilities:
· Conduct cybersecurity risk assessments of suppliers utilizing third part risk management framework
· Comprehensive review of inherent risk profiles
· Generate assessment reports focused on key risks and control health
· Document and report on identified supplier risks associated with the organization’s business, products, and information assets
· Work closely with internal and third party stakeholders on identifying adequate risk reduction measures where required
Required Experience & Skills:
· 5+ years of experience in a strong cybersecurity setting
· 5+ years of experience in a technical setting understanding cybersecurity concepts, standards, and guidelines relating specifically to cloud providers and SAS
· 5+ years of familiarity with multiple regulatory frameworks and controls such as ISO 27001, NIST-CSF, and or 800-53
· 5+ years of experience critically thinking and analyzing technical requirements and applying them to business/operational controls
· At least one of the following certifications preferred: CISSP, CISM, CISA, CRISC