Third-Party Security Assurance Lead-November 2024
San Antonio
Nov 28, 2024
About Third-Party Security Assurance Lead

  "I can succeed as the Third-Party Security Assurance Lead at Capital Group."

  The Third-Party Security Assurance Lead will lead and oversee comprehensive security, technology and Disaster Recovery assessments of our 3rd and 4th party suppliers working closely with our Legal, Technology Risk, and Global Risk Management teams. This role will ensure that all 3rd and 4th party providers are risk ranked and assessed to meet our rigorous security, technology risk management and disaster recovery requirements.

  Responsibilities:

  - Lead the development, implementation, and maintenance of the organization's Third-Party Security Program and Assessments.
  - Conduct technical security assessments of third- and fourth-party systems, networks, business, D/R/Operations resilience, business processes, and applications, identifying information vulnerabilities and risks.
  - Ensure security, D/R, Technology Risk clauses and requirements are included in third-party contracts and SLAs, protecting the organization, and ensuring compliance with security policies and procedures and regulatory requirements.
  - Work with business units and the legal team to define security requirements, standards, and training for third-party contracts.
  - Collaborate across the organization to document and identify all risk mitigation measures associated with third parties, including identifying back-up third parties, strength and/or maturity of the company, and other crucial factors.
  - Independently create and consistently refine summaries, reports, KRI/KPI's and governance documentation associated with the Third-Party Security and Security Assurance Program.
  - Manage the Policies and Procedures related to the Third-Party Information/Technology Risk Management, working closely with Global Risk Management.
  - Monitor changes in the regulatory landscape to ensure program aligns with laws, regulations, and industry best practices (e.g., ISO 27001, MAS, SEC, GDPR, CCPA, etc.).
  - Develop and provide regular reports on the status and effectiveness of the program to senior management and relevant committees.
  - Lead risk remediation efforts when third-party security risks are identified, working in coordination with IT, Legal, and Compliance departments.
  - Develop and deliver third-party security risk training and awareness programs to internal stakeholders in collaboration with the Security Awareness team.
  - Improve third-party security risk management strategies, tools, and methodologies on an ongoing basis.
  - Act as a point of contact for internal and external auditors on 3rd party related audits for Technology, Security, Disaster Recovery related diligence.
  - Establish security, Disaster Recovery, and Technology Risk requirements with our oversight committee to drive reasonable vendors and vendor controls in alignment with our Cyber risk appetite.
  - Perform assessment for Technology Risk and our Offshore Development Centers.
  - Collaborate with various stakeholders, including third party providers, business units, Legal, Compliance, Global Risk Management, and other teams.

  "I am the person Capital Group is looking for."

  - Bachelor's degree in information security, Computer Science, cybersecurity, business administration, finance, or risk management.
  - A minimum of 6 years of experience in third-party security. Prefer experience within the financial services sector, but not required.
  - Strong understanding of technical security principles, IT risk concepts, and familiarity with relevant regulatory requirements.
  - Proficiency with technical security and D/R assessment tools and methodologies.
  - Exceptional communication skills, with the ability to clearly explain complex security issues to non-technical stakeholders; ability to prepare detailed reports.
  - Experience in contract negotiation from a cyber security standpoint.
  - Ability to effectively manage multiple projects and provide leadership in a cross-functional financial services environment.
  - A strong analytical skill set and approach, including the ability to analyze due diligence information collected from the Third Party, analysis from internal and external Subject Matter Experts, and information related to the services and products offered by the Third Party.
  - Strong understanding of technical security and D/R principles, IT risk concepts, and familiarity with relevant 3rd/4th party oversight regulatory requirements.
  - Proficiency with technical security assessment tools and methodologies.
  - Knowledge of data analysis, contract review, data privacy, information security, information technology and Disaster Recovery/Business Continuity Plan principles.
  - Ability to identify and assess potential risks and vulnerabilities and ensure evidence is sufficient when assessing the relevant controls.
  - Strong written and verbal communication skills to prepare detailed reports and effectively communicate with stakeholders.
  - Experience with Shared Assessments evaluations preferred.
  - Proficiency with technical security assessment and monitoring tools and methodologies.
  - Relevant certifications preferred (e.g., Shared Assessments (CTPRA, CTPRP), CISA, CRISC and/or CISSP certification).
  - Strong knowledge of 3rd party oversight or industry security frameworks such as NIST 800-53, NIST CSF, NIST 800-161, CIS 20, Cloud CCM, Shared Assessments.
  - Experience with MAS, FCA, OCC/FFIEC, SEC Vendor security oversight examinations.

  Southern California Base Salary Range: $178,448-$285,517

  San Antonio Base Salary Range: $146,698-$234,717

  New York Base Salary Range: $189,164-$302,662

  In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.

  You can learn more about our compensation and benefits here.

  We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

Copyright 2023-2024 - www.zdrecruit.com All Rights Reserved