Location
New York - 225 Liberty Street, Suite 4301 (BP)
Business
At Brookfield Properties, our global network and relationships are here for our tenants and partners — wherever they are in the world. Where going to work never feels routine. We integrate commercial real estate with world-class shops, restaurants, and entertainment, creating spaces where work and play don’t just coexist, but thrive. If you’re ready to be a part of our team, we encourage you to apply.
Job Description
We Are Brookfield Properties:
We are seeking an IT Manager, Third-Party Risk to join the Brookfield Properties U.S. Office Division in New York, NY. In this role, you will play a key part in inspiring change and continual improvement. If you are committed to excellence and ready to contribute to a dynamic culture, we would love to meet you.
The IT Manager, Third-Party Risk will join our Information Security team. Reporting directly to the Director of IT GRC, this pivotal role will oversee the operational and strategic aspects of our third-party cyber risk program. We seek a self-driven leader with a passion for process improvement and the ability to serve as a subject matter expert in vendor and compliance risk management.
Role & Responsibilities
- Independently conduct thorough third-party information security risk assessments, due diligence, and ongoing oversight of third-party services to ensure compliance and security
- Collaborate with third parties and internal partners to develop and implement corrective action plans, mitigating and resolving third-party risks effectively
- Play a vital role in shaping the department's overall strategy, processes, and approaches, demonstrating strong expertise in cybersecurity and compliance
- Collaborate seamlessly with leadership, multiple internal organizations, external parties, legal, compliance, IT, and business units to leverage relationships, address priority issues, proactively identify, and promptly mitigate risks associated with third-party engagements
- Drive process innovation, including activities like automation, and lead initiatives to enhance the efficiency, effectiveness, and operational capabilities of the third-party risk management program
- Establish and maintain a comprehensive third-party risk register to address potential vulnerabilities across significant risk areas
- Review contractual agreements to ensure proper provisions are included to protect company data in third-party engagements
- Administer program procedures, tools, and related support materials to maintain consistent and effective risk management practices
Your Qualifications
- Bachelor's degree in Business, Computer Science, Information Technology, or related field. Related certifications (e.g., CISA, CISSP, CRISC) will be helpful
- 7+ years of combined IT and experience in third-party risk management in a global company
- Professional information security experience, including conducting comprehensive third-party risk assessments
- Act as a subject matter expert on third-party risk management, providing guidance and training to internal stakeholders
- Strong knowledge in understanding and ability to review and analyze SOC reports
- Strong knowledge of industry standards and regulations, including ISO 27001, NIST, GDPR, PCI, SOX, and other data/privacy regulations and standards
- Strong understanding and practical experience in implementing risk management frameworks. This includes a comprehensive grasp of the risk management cycle, covering areas such as vulnerabilities, threats, and controls, enabling practical evaluation and mitigation of third-party risks
- Extensive knowledge of data security, access control systems, and related matters
- Ability to deliver regular reports and updates to senior management on the status of third-party risk management efforts, including establishing KPIs and metrics to gauge program effectiveness
- Detail-oriented with excellent analytical, problem-solving, and organizational skills, coupled with strong communication abilities (both written and verbal)
- Proven ability to work independently and in a team environment
- Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables
- Experience with the OneTrust third-party risk management module is a plus
- Knowledge of PowerBI is a plus
- Additionally, may be required to perform other duties as assigned
Compensation
Salary Type: Non-exempt
Pay Frequency: Bi-weekly
Annual Base Salary Range: $105,000-$135,000
We are proud to create a diverse environment and are proud to be an equal opportunity employer. We are grateful for your interest in this position, however, only candidates selected for pre-screening will be contacted.
#BPUS