Job Description

Responsibilities

• Acts as trusted advisor to senior leadership to set strategy for the Cybersecurity Vendor Risk Management program
• Provides strong leadership, develops and sets individual and team goals, acts as a change agent and leader and creates growth opportunities for all team members
• Ensures efficacy and quality of all processes in scope
• Establish contractual supplier agreements for any vendor that may access, process, store, communicate or provide IT infrastructure to an organization’s data.
• Perform initial and periodic risk assessments, and other necessary reviews, to identify, measure and manage cybersecurity vendor risks based on company standards and risk appetite, leveraging demonstrated working knowledge of industry security practices
• Develop cybersecurity compliance processes and/or audits for external services (e.g., cloud service providers, data centers)
• Manage changes to the supplier services, considering re-assessment of risks.
• Implement and maintain cybersecurity vendor risks processes for onboarding and oversight of all new and existing third-party vendor relationships
• Identifies and drives innovation and process improvements

Requirements

• At least 10 years of overall IT experience
• At Least 5 years of Cybersecurity Vendor Risk experience
• At Least 5 years of People Management experience
• Experience in the manufacturing industries is advantageous
• At least one relevant industry certification, including CISM, CRISC, CISA, CISSP, CCSP
• Broad knowledge of businesses, functions and security control environment on Vendor Risk Management experience
• Working knowledge of industry risk management frameworks, methodologies and best practices
• Strong presentation and communication skills.
• Ability to collaborate effectively with IT, Privacy, Legal and other business partners to define and achieve objectives

Technical Skills & Knowledge: - Skills including being analytical with attention to detail and long periods of focused attention and sitting, ability to prioritize, troubleshooting - Ability to perform effective cybersecurity vendor risk assessments and the ability to respond to risk assessment in a timely manner - Strong written skills to produce security feedback on contracts that are easy to understand for each defined audience - Industry standards and regulatory requirements such as ISO27K, GDPR, COSO, ISO27036, Trade Compliance - Ability to direct and lead cross-functional, cross-vendor teams.