At Iron Mountain we protect what our customers value most, from the everyday to the extraordinary, while helping them bridge the physical and digital world. Our people have the opportunity to bring their creativity to a workplace that thrives on change. Here, you will be part of a team that doesn't just embrace what's exceptional. It creates exceptional.

As a trusted partner to our clients there is a requirement that our Mountaineers must be vaccinated.

The TPRM mission is to manage the firm's risk exposure related to third parties through enhanced risk management practices, and to provide firm leaders with transparency into Iron Mountain's third party ecosystem, risk exposure and risk decisions.

TPRM Manager is expected to:

• Manage a global divers team of TPRM analysts
• Coordinate with external providers and internal technology teams regarding platform development, enhancements, integration and issue resolution
• Liaise with TPRM risk and compliance groups related to due diligence matters and requests
• Collaborate across Risk and Brand Protection and other teams to escalate and resolve issues
• Represent TPRM with business partners, internal stakeholders, and external third parties
• Manage reporting activity and analyzing metrics for performance
• Identify issues for escalation to program leadership
• Oversee US and global resources in a remote environment

Responsibilities

• Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities.
• Develop a Third Party Risk Management assessment lifecycle, establish new policy, review / update existing risk management policy, standards and procedures.
• Establish a Technology Risk Management methodology by adopting NIST RMF (SP800-37), CIS v8 Top 18, COBIT 2019, CSA CCM / CSA STAR registry or ISO 31000:2018 frameworks.
• Optimize program capabilities in planning, organizing, and integrating cross-functional information technology projects that are significant in scope and impact to the IT Risk and Third Party Management team goals.
• Measure, Manage & Mature the program, track progress, drive improvements, develop and report KPIs, KRIs, process metrics and management dashboards.
• Maintain organization's effectiveness and efficiency by defining, delivering, and supporting strategic analysis and plans for implementing IT Risk and Third Party program management process.
• Participate in performing IT Risk Assessments of all new projects, technology implementations, new & existing vendor onboarding assessments
• Determine information security risk profiles for various systems, assets, data, vendors etc., using knowledge of Iron Mountain policy, frameworks, standards and relevant industry best practices.
• Ability to conduct risk assessments, characterize the system, identify threats / vulnerabilities, control deficiencies, likelihood determination, impact analysis, risk levels, compensatory control recommendation and results documentation.
• Collaborate in stakeholder management, risk articulation, communication, risk reviews, driving risk acceptance and risk treatment activities
• Effectively interpret and document testing and monitoring results and develop recommendations for improvements and enhancements.
• Identify issues and recommend actions that need to be raised to team leaders for further guidance, direction or follow-up.
• Oversee training global TPRM team, risk & compliance groups and stakeholders as needs arise.
• Monitor, report and track compliance with firm policies and practices, including system controls.
• Collaborate with and represent TPRM with leaders, colleagues and global partners.
• Effectively communicate with peers, managers, senior managers
• Recommend modifications to technology solutions to meet requirements
• Design and manage other third party review activity as needed.
• The role will evolve as TPRM expands and changes to meet compliance needs of IRM

Key Skills

• Aptitude to learn and utilize technology to perform and document responsibilities
• Proven ability designing or enhancing third party risk management or compliance-related activities
• Excellent organizational aptitude
• Ability to analyze problems and facilitate solutions
• Excellent written and verbal communication skills
• Ability to think critically, objectively and analytically
• Detail-oriented with strong project management, organization, prioritization and time management skills
• Flexibility in working on several processes or projects simultaneously to meet team goals and responsibilities
• Possess high integrity to handle sensitive and confidential data
• Ability to work accurately and efficiently under pressure
• Proven ability to work independently and drive projects to completion
• Ability to work collaboratively with subject matter resources, often in a virtual and cross border environment
• Confidence and poise to work directly with partners, business teams and other firm leaders
• Willingness and ability to readily respond to changing circumstances and expectations
• Interest in effectively developing other colleagues and creating a culture of compliance, inclusion and professional growth

Qualifications

• 7+ years Technology Risk Management & Third Party Risk Management experience or a combination of IT-GRC and information security experience
• Substantive direct experience in one or more of the following: third party due diligence, compliance programs, risk and controls
• Bachelor's degree with proficiency in Management Information Systems, Technology Management or Cybersecurity
• Expertise in technical program management, particularly in areas of security, and/or technology risk management
• Demonstrated ability to analyze information and assimilate into consumable management reporting
• Professional certification such as CISM, CRISC, CISSP or PMP is a plus
• Knowledge/experience with data security and privacy regulations (e.g. NIST CSF, ISO 27001, PCI DSS, GDPR).
• Effective communication and relationship-building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and problem solve.

Category: Information Technology Group

Iron Mountain is committed to a policy of equal employment opportunity. We recruit and hire applicants without regard to race, color, religion, sex (including pregnancy), national origin, disability, age, sexual orientation, veteran status, genetic information, gender identity, gender expression, or any other factor prohibited by law.

To view the Equal Employment Opportunity is the Law posters and the supplement, as well as the Pay Transparency Policy Statement, CLICK HERE

Requisition: J0044870