GRC - Third Party Risk Specialist

GRC - Third Party Risk Specialist – Remote Location: Brazil

Job Description for Third Party Risk Specialist

Requirements

• 1-5 Years of Information Security Experience • Speaks English, Spanish, and Portuguese

This role, part of the GRC (Governance, Risk, and Compliance) team in the Information Security Department, involves collaboration with Legal, Purchasing

Responsibilities include:

• Third-Party Risk Assessment: Conduct risk assessments of third-party vendors to ensure they meet security requirements and standards. • NIST Attestation Review: Review and ensure compliance with NIST (National Institute of Standards and Technology) standards and attestations. • Risk Communication: Communicate risk assessment findings to team owners, custodians of information risk, business partners, and information governance and security teams. • Risk Management Advice: Provide advice to information governance or security teams to enable informed risk management decisions. • Control Implementation: Identify and facilitate the implementation of appropriate controls to effectively manage information risks. • Risk Posture Improvement: Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks, and assess residual risk. • Relationship Management: Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.

Key Qualifications

• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well. • Ability to identify and assess the severity and potential impact of risks, and communicate findings to risk owners outside the cybersecurity program to drive objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance. • Understanding of organizational mission, values, goals, and consistent application of this knowledge. • Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization. • Ability to apply original and innovative thinking to produce new ideas. • Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business. • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part. • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. • Strong problem-solving and troubleshooting skills.