Role- Third-Party Risk Management (TPRM) Analyst
Location- Santa Clara or San Jose.
2100 Logic Dr, San Jose, CA 95124 / 2485 Augustine Dr, Santa Clara, CA 95054
Buy Rate- $46/hr on W2 or $55/hr on C2C
THE ROLE:
The Third-Party Risk Management (TPRM) Analyst will coordinate with IT stakeholders, project managers, and business owners to facilitate a vendor risk assessment to onboard a cloud solution or managed service. He/she will be responsible for collaborating with vendors for responses to the TPRM vendor assessment questionnaire, performing third-party risk assessments in a timely manner, and facilitating the risk sign-off in accordance with the established set of processes. He/she will comply with SLAs, provide periodic status updates to relevant stakeholders, and mature these processes over time in conjunction with customer Management.
KEY RESPONSIBILITIES:
In addition to following the customer’s policies and processes, responsibilities include, but are not limited to:
⦁ Follow the established foundational set of processes for onboarding a cloud solution or managed service.
⦁ Coordinate input from multiple stakeholders to facilitate the review of the vendor.
⦁ Perform risk assessments of third-party cloud solutions by reviewing responses to the questionnaire, including supporting documents and information captured during discussions, to evaluate the vendor’s internal controls environment.
⦁ Facilitate the risk sign-off in accordance with the established set of processes.
⦁ Maintain third-party risk assessment documentation within the defined structure.
⦁ Generate metrics on solutions and report to customer management at the agreed-upon frequency.
⦁ Perform periodic ongoing risk assessments of implemented cloud solutions and managed services.
⦁ Refine and mature TPRM processes over time, in conjunction with customer Management.
PREFERRED EXPERIENCE:
⦁ Be CISA/CTPRA/CCAK certified.
⦁ Have at least 5 years of experience in IT, with 3 or more years of this experience in TPRM, risk assessments, and/or internal IT control testing/IT audits.
⦁ Have working knowledge of information security and risk frameworks/standards (i.e. ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM and Shared Assessments SIG) and cloud security practices.
⦁ Have knowledge of and the ability to use a PC as well as Microsoft Office Suite, Visio, and SharePoint software.
⦁ Possess strong communication skills (both written and verbal).
⦁ Possess strong interpersonal skills and can adapt information based on the audience.
⦁ Be able to handle confidential information in a professional manner.
⦁ Have the ability to recognize and communicate potential control-related issues in a timely manner.
⦁ Be a strong team player and able to work effectively with colleagues and management.
⦁ Be highly organized and self-reliant, with the ability to multi-task.
⦁ Have excellent process and time management skills.
⦁ Be able to appropriately identify issues and raise them to management by paying close attention to detail.
⦁ Have the ability to listen effectively and communicate with honesty.
⦁ Be able to acquire and evaluate data.
ACADEMIC CREDENTIALS:
⦁ Have a Bachelor's degree or equivalent in Information Technology, Information Systems Management, Computer Science or related field.