At least five (5) years of experience working in Information Security Governance Risk and Compliance role, which demonstrates experience at a minimum:
- Expertise in writing technical and risk management reports.
- Strong analytical, problem-solving, and organizational skills.
- Subject matter expertise in assessing and mitigating risks associated with vendor relationship, vendor risk assessments and control evaluations, and performing risk-based due diligence.
- Technical understanding of the cybersecurity landscape and working knowledge of common information security and privacy controls, guidelines and standards (e.g., ISO27001, SOC 1/2, NIST SP 800-53, NIST SP 800-171).
At least three (3) years of experience working with third-party risk management, which demonstrates experience at a minimum:
- Experience in third-party risk from a cyber perspective
- Developing and implementing supportable and sustainable processes to manage third-party cyber risks Hold and provide proof in submittal package of one of the following certifications: Certified Information Systems Security Professional (CISSP) certification, Certified Information Systems Auditor (CISA), Certified Third-party Risk Professional Certification (CTPRP), or Certified Third-party Risk Assessor (CTPRA).