Third Party Information Risk Consultant
Why we need you.
We're growing and our clients deserve the best. As an Information Risk Consultant on the Third Party Plus team, you'll have an opportunity to reduce information security risks arising from the use of third-party services and product providers. This is a mastery level role requiring technical acumen and previous experience in a risk-driven environment, vulnerability and defect management, and information security policy writing and editing, including building and developing risk categories and information security controls across several domains (e.g., cloud, SaaS, data protection). In this role, as well as all roles within MassMutual, you will demonstrate accountability, agility, a dedication to being inclusive, and strong business acumen.
What success looks like.
- Develop strategic processes and approaches for ensuring information security requirements are provided to third parties prior to contract execution, as well as assurance that they are being followed as part of an ongoing due diligence process.
- Deliver on cyber-security initiatives resulting in a reduction of cyber-risk across all of MassMutual.
- Recognition as a trusted advisor with customers and stakeholders at all levels of the organization across business and IT.
- Understanding of information risk modeling practices to drive decision making and allocation of scarce resources in a risk-driven environment.
What your days and weeks will include.
- Work with key stakeholders, including high impact third parties and audiences, to effectively manage information security domains and related controls.
- Lead the Third Party Risk Management Program as a senior member of the team prioritizing and leading program activities.
- Serve as escalation point to analyze and assess third party contractual changes to information security requirements.
- Negotiate with and influence internal and external business partners regarding third party information security requirements, including use of vBSIMM tools and methods to determine software security maturity assessments.
- Communicate in a clear and professional manner with all levels of the organization, in addition to external business partners.
- Provide Board or SLT level reporting on key performance indicators that accurately represent the deliverables and status of the program.
- Demonstrate understanding of the breadth and scope of third party control requirements to enforce and work with a Technology Lead to ensure compensating controls appropriately mitigate risk.
The skills that make you a great fit.
- 7 years technology background with experience in third party information risk management, information risk, with demonstrated ability in application of risk-driven techniques
- Software security lifecycle and vulnerability management experience including familiarity with threat modeling, static code analysis, dynamic scanning and penetration testing
- CISSP or CTPRP qualified or relevant experience
- Experience with industry standard information technology control policies and standards frameworks including NIST
- Experience with continuous monitoring tools to action priority alerts based on security vulnerabilities
- Ability to review security intelligence from multiple sources and determine what is actionable for third party subdomains and specific third party companies
- Experience with Archer eGRC platform
Preferred:
- 10+ years technology background with experience in third party information risk management, information risk, information security
- Experience with third party vulnerability scanning tools
- Experience with Cloud Access Security Broker (CASB)
- Excellent oral and written communication skills, and attention to detail
- Ability to use Excel to assess data and produce meaningful reports
- Team Player / Relationship Building: Collaborative with strong interpersonal skills; able to relate to and build strong relationships with diverse internal and external audiences/constituencies; leverages the ability to deliver effectively.
- Innovation: Continually looks within and beyond their job, anticipating business needs and opportunities.
- Strong Core Values: Results-based, action oriented; prudent risk taker; effectively balances business-specific and enterprise-wide needs.
Target job salary range is $100,900 to $176,600.
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.