Tech Risk Assurance - Third Party Lead

Opportunity to shape risk culture and ensure technological safeguards in a dynamic, collaborative environment.

As a Tech Risk Assurance - Third Party Lead in Cybersecurity Technology & Controls, you will lead expert technical risk assurance and control oversight to ensure the firm's products and lines of business achieve their objectives while effectively managing risk.

Utilizing your background in technology risk management, you will work with cross-functional teams to identify, assess, and mitigate emerging risks and vulnerabilities.

Your tactical and strategic decision-making will significantly impact the firm's operations, financial management, and public image.

You will play a crucial role in fostering a robust risk culture and catalyzing continuous improvement, contributing to the development and implementation of comprehensive risk management policies, standards, and controls.

Job responsibilities


* Lead efforts to strengthen the firm's third-party risk assessment and control environment, identifying areas for improvement and advising on control implementation to mitigate thematic risks.


* Advise stakeholders on risk management, controls development and adherence to mitigate risks


* Proactively monitor key risk indicators, analyze control metrics, and offer insights on risk management effectiveness to senior management, driving continuous improvement initiatives


* Collaborate with Control Owners to establish and uphold clear cyber, technology, and data control requirements for all third-party relationships.


* Influence, drive, and oversee the efficient execution of third party assurance programs, ensuring alignment with organizational objectives, risk appetite, and regulatory compliance, while continuously updating requirements to address evolving threats and regulatory changes.


* Engage with regulators, clients, and stakeholders on risk-related issues, provide necessary oversight, ensuring compliance with laws, regulations, and internal policies


* Act as a liaison to Global Supplier Services, Tech Risk and Controls, Product Security, Business Control Managers, and GRC leads to foster a collaborative approach to third-party risk management.


* Partner with legal and procurement teams to ensure contracts with third-party vendors include robust cybersecurity and data protection provisions.

Required qualifications, capabilities, and skills


* Obtain 8+ years of experience in third-party risk management, cybersecurity, technology risk, or related disciplines and a Bachelor's degree in Information Security, Cybersecurity, Risk Management, Business Administration, or related field; Master's degree preferred.


* Experience in a highly regulated industry (e.g., financial services, healthcare) is strongly preferred.


* Deep understanding of third-party risk management frameworks, cybersecurity controls, and regulatory requirements (e.g., OCC, FFIEC, GDPR, ISO 27001, NIST).


* Proficiency ...