GRC Third-Party Risk Specialist - 100% Remote

GRC Third-Party Risk Specialist - 100% Remote Candidate Location – Brazil Employment Type: 12 months plus contract Start date – DOE

Job Description

Requirements 1-5 Years of Information Security Experience Speaks English, Spanish, and Portuguese

This role, part of the GRC (Governance, Risk, and Compliance) team in the Information Security Department, involves collaboration with Legal, Purchasing, and other departments at Nissan-Americas. Responsibilities include: Third-Party Risk Assessment: Conduct risk assessments of third-party vendors to ensure they meet security requirements and standards. NIST Attestation Review: Review and ensure compliance with NIST (National Institute of Standards and Technology) standards and attestations. Contract Review: Review legal contracts between Nissan and vendors to ensure security requirements are met. Risk Communication: Communicate risk assessment findings to team owners, custodians of information risk, business partners, and information governance and security teams. Risk Management Advice: Provide advice to information governance or security teams to enable informed risk management decisions. Control Implementation: Identify and facilitate the implementation of appropriate controls to effectively manage information risks. Risk Posture Improvement: Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks, and assess residual risk. Relationship Management: Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.

Key Qualifications

Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well. Ability to identify and assess the severity and potential impact of risks, and communicate findings to risk owners outside the cybersecurity program to drive objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance. Understanding of organizational mission, values, goals, and consistent application of this knowledge. Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization. Ability to apply original and innovative thinking to produce new ideas. Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business. Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part. Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. Strong problem-solving and troubleshooting skills.