Crisil
3h ago

Information Security Associate

Mumbai

Full Job Description

Third-Party Risk Management

Conduct comprehensive risk assessments for third-party vendors, evaluating their information security practices, operational capabilities, and adherence to legal and regulatory requirements.

Perform thorough due diligence on both prospective and existing vendors to ensure they meet organizational standards for security, privacy, and business continuity.

Continuously monitor third-party risk exposure and generate regular reports on vendor risk status, identifying and escalating potential issues to management.

Review and manage vendor contracts, verifying the inclusion of appropriate risk management clauses and service-level agreements (SLAs).

Collaborate with internal stakeholders and vendors to develop and implement effective risk mitigation strategies, recommending corrective actions or improvement plans for vendors with identified risks.

Contribute to the development and maintenance of third-party risk management policies, procedures, and frameworks, aligning with industry best practices and regulatory mandates.

Work closely with internal teams, including Legal, Procurement, Compliance, and IT Security, to foster a unified approach to third-party risk management.

Ensure compliance with relevant regulations, standards, and guidelines such as GDPR, ISO 27001, NIST, and PCI-DSS pertaining to third-party risk management.

Conduct periodic vendor audits to confirm compliance with contractual obligations and organizational policies.

Assist in the investigation and resolution of third-party risk incidents, including data breaches and service disruptions.

Posted on Foundit