Third Party Cyber Risk Program Manager

at Control Risks
  • Remote - United States

Remote

Cybersecurity

Manager

Job description

We are looking for a highly skilled and dynamic professional to join our team as a Third Party Cyber RIs Assessor & program manager for Third-Party cyber risk assessment responsible for leading and conducting third-party cyber risk assessments for a global client portfolio.

In this position, you will be responsible for leading comprehensive cybersecurity risk assessments for third-party vendors, suppliers, and partners, while simultaneously managing the overall third-party risk assessment program. The ideal candidate will have both technical expertise in cyber risk management, strong program management as well as audit skills to oversee the successful execution of third-party assessments at scale.

While this position is remote, it will have a preference towards people in the Dallas area to be closer to the client stakeholder.

  • Lead and conduct detailed cybersecurity risk assessments (audits) for third-party vendors, including reviewing their information security practices, policies, and controls.
  • Assess third-party vendor security risks across multiple domains, including data protection, network security, identity & access management, and incident response.
  • Identify, evaluate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
  • Perform thorough due diligence on third-party suppliers and partners, identifying potential vulnerabilities and risks that could impact the organization.
  • Recommend solutions and alternatives to remediate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
  • Independently lead assessment meetings with clients and third parties to evaluate the implementation of cyber controls.
  • Collaborate closely with global line management and regional colleagues on delivery, client management and internal and client communications.
  • Master client’s proprietary security and contractual standards.
  • Apply recognized cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls) in risk assessments and audits.
  • Document findings, assessment processes, and recommended actions in a clear, concise, and actionable manner.
  • Stay up-to-date with the latest trends, threats, and regulatory changes in cybersecurity and risk management

Program Management of Third-Party Cyber Risk Assessments:

  • Execute the third-party risk assessment program to ensure comprehensive coverage across the global client portfolio.

  • Evolve existing processes and methodologies for third-party assessments, ensuring consistency, quality, and efficiency.

  • Oversee the day-to-day execution of the third-party risk assessment program, coordinating across global teams and managing timelines, resources, and priorities.

  • Track progress, assess risks to program timelines, and ensure alignment with organizational goals and business objectives.

  • Regularly report on program status, risk assessments, and findings to senior leadership and other stakeholders.

  • Provide expert insights on the impact of third-party risks to the broader organization and guide executive decision-making.

  • Continuously evaluate and refine third-party risk assessment processes, looking for opportunities to improve efficiency, scalability, and integration with other risk management functions.

  • Lead initiatives to incorporate automation, tools, and platforms that streamline the assessment process and enhance data-driven decision-making.

  • Manage a small global team of assessors or support staff, providing leadership, mentoring, and ensuring successful completion of assessments and program deliverables.

  • Support hiring, training, and development of team members to build a high-performing program management team.

  • Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).

  • 8+ years of experience in cybersecurity, risk management, or IT auditing, with at least 3 years focused on third-party risk assessments and program management.

  • Proven experience in both hands-on cyber risk assessment and program management in a global environment.

  • Experience working in the Healthcare industry is required.

  • Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, IS27001 and 27002, SOC2, Center for Internet Security (CIS) best practices, PCI-DSS, CSA Cloud Controls Matrix, GDPR, HIPAA, HITRUST, etc.

  • Hands-on experience with tools and platforms used for third-party risk assessments, vulnerability scanning, and audit processes

  • Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.

  • Evidence of supporting clients overcome cybersecurity challenges in a broad array of sectors which may include, but is not limited to: Technology, Financial Services, and Retail.

  • A deep understanding of governance, standards, and compliance as they pertain to cyber security.

  • Ability to analyze complex security data and translate findings into industry specific recommendations.

  • Strong communication skills with the ability to effectively present risk findings and recommendations to senior leadership and non-technical stakeholders.

Preferred Qualifications

  • Certifications: CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor  or other relevant security or risk management certifications.

  • Experience working in a global organization and understanding of the challenges involved in managing risks across multiple jurisdictions.

  • Experience managing global programs and understanding of the complexities associated with vendor relationships in diverse geographical regions.

  • Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.

  • We operate a discretionary bonus scheme that incentivizes, and rewards individuals based on company and individual performance.

  • Control Risks supports hybrid working arrangements, wherever possible, that emphasize the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.

Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.

Control Risks participates in the E-Verify program to confirm employment authorization of all newly hired employees. The E-Verify process is completed during new hire onboarding and completion of the Form I-9, Employment Eligibility Verification, at the start of employment. E-Verify is not used as a tool to pre-screen candidates. For more information on E-Verify, please visit www.uscis.gov.

Share this job:
Please let Control Risks know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at Control Risks

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply