Third Party Risk Analyst
TMF Group helps its clients operate internationally and ‘belong’ wherever they are in the world. Our work includes helping companies of all sizes with business services such as HR and payroll, accounting and tax, corporate secretarial, global governance and administration and fiduciary services for structured finance, private equity and real estate investments.
About the role: The Third Party Risk Analyst is primarily responsible for assessing the Information Security posture of third parties (Sub-contractors and vendors) including their IT applications in scope of the service provided to TMF, at the time of contracting their service and periodically thereafter.
The Third Party Risk Analyst is also responsible for assessing information security risks from third parties and specifying appropriate technical and organizational controls to address the risks to be formally included in the contract with the third parties. The incumbent will create a program to check the compliance of the third parties to the specified security requirements on an annual basis by conducting reassessments/audits. The person will report to the Global Security Assurance Manager.
Key Responsibilities
ISAE 3402 Implementation and Audit Coordination
- Define, review and maintain Vendor Assessment procedure and assessment questionnaire
- Review vendor responses and ensure required controls are in place. Identify gaps and raise them with sponsors for resolution
- Identify technical and organisational measures/security controls that need to be included in the contract with the vendor
- Maintain an inventory of onboarded vendors, along with key contact personnel, and rate them based on access level/risk level / criticality level
- Conduct periodic (annual) reassessments to verify/validate the security posture of the vendor and compliance to the agreed security controls
- Share details of vulnerabilities that may affect the applications provided by the vendor and check if the vulnerabilities are remediated in a timely manner.
The Third Party Risk Analyst needs to possess strong technical and soft skills, as highlighted below:
- The ideal candidate should have a Computer Science Education – Bachelor’s or Master’s Degree
- The candidate should have 6-7 years of relevant work experience in Information Security, with third party risk management as a primary responsibility.
- ISO 27001 Standard
- ISO 31000 Standard/risk assessment
- Knowledge of security frameworks like NIST Cyber Security Framework and regulations such as GDPR, HIPAA, etc. would be an added advantage
- Understanding of security in relation to compliance with local legislations and regulations
- Excellent interpersonal skills. Ability to connect with and communicate appropriately across junior to senior-level staff
- Excellent written and spoken skills in English. Knowledge of Spanish, Portuguese or any other foreign language would be an added advantage
- Good organizational skills
- Attention to detail
- Good understanding of the business
- Ability to work with minimum supervision
- Ability to work under stress
- Sense of responsibility
Make an impact
- Our global presence in more than 80 countries allows you to impact how global and diverse clients do business as well as give back to the global communities we operate in
Be part of One TMF
- At TMF Group, it’s our people who make us who we are. Our company thrives on entrepreneurial spirit and is full of proactive people who combine enthusiasm with responsibility and accountability.
A world of opportunity
- Regardless of where you are in your career, TMF Group opens a world of opportunity where you will be part of our team and are supported in your global career journey.
For further information, and to apply, please visit our website via the “Apply” button below.