Cybersecurity Third Party Risk Manager
Location
Reston, VA | United States
Job description
SAIC is seeking a Cybersecurity Third Party Risk Manager to join the Governance, Risk and Compliance (GRC) Team. This position may be 100% remote for the right candidate.
The Cybersecurity Third Party Risk Manager will lead the execution and oversight of the cybersecurity third party risk management processes, ensure that SAIC’s suppliers remain in compliance with cybersecurity third party risk management standards and industry best practices, manage the third-party risk lifecycle, and play a key role in the continuous improvement of SAIC’s procurement process with respect to cybersecurity concerns.
Responsibilities include:
- Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
- Maintain and improve SAIC’s cybersecurity third party assessment process, policies and procedures to respond and adhere to new and existing regulatory guidelines and industry best practices.
- Perform security audits for SAIC suppliers in alignment with security governance program and create corrective actions for audit findings intended to drive desired outcomes and/or behaviors.
- Facilitate third party assessment process including coordinating distribution of surveys and gathering results.
- Assess security practices to ensure that protection of the confidentiality, integrity, and availability of customer and corporate data is in line with SAIC’s risk appetite. Types of assessment may include: review of independent audit reports, vulnerability testing, policy reviews, and direct interviews.
- Continuously monitor critical third parties using a variety of tools to identify issues and work with third parties and internal stakeholders to manage remediation through resolution in a timely manner.
- Maintain central repository of vendor risk assessment conducted, including artifacts and supporting documentation.
- Lead the cybersecurity reviews in the Procurement Request for Proposals to provide GRC insight.
- Maintain documentation in support of audit reviews to ensure the third party risk process remains compliant.
- Serve as subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties.
- Communicate identified risks to key stakeholders and establish remediation action plans, and track and monitor identified vendor risks to closure.
- Build effective relationships with stakeholders who own and support third party relationships.
- Develop and report on key risk metrics for the third-party risk management program.
- Maintain and mature the cybersecurity third-party risk tool in ServiceNow to deliver full third-party risk management assessments and tracking.
- Lead the tracking for SAIC contract subcontractor compliance with applicable federal regulations.
- Provide 2nd line of defense support for technical process teams.
- Define and meet SLA expectations for assessments/reassessments.
- Communicate and collaborate with internal teams, stakeholders, and leadership. Assist in the continuous improvement and maturity of the organization’s overall cyber risk management framework, program, processes, and tools.
- Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
- Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
- Assist with maintenance of the GRC tool used by the team.
Qualifications
Required Skills:
- Bachelor’s degree in Information Technology or similar discipline with 14+ years of experience, or Master’s Degree with 12 years of experience, or a PhD or JD and 9+ years of experience. An additional 4+ years of experience may be considered in lieu of a degree.
- Must be a US Citizen.
- Previous governance, risk, compliance experience in the IT field.
- Previous supply chain risk management experience.
- Previous third-party risk management experience.
- Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, NIST 800-53, NIST 800-37, and ISO 27001 standards).
- Strong oral and written communication skills and ability to transform technical knowledge into business language (e.g., reports, presentations, etc.).
- Ability to work independently and strategically.
- Ability to effectively collaborate and negotiate with diverse stakeholders to meet mission needs.
- Ability to analyze complex information and make/defend independent judgements.
- Ability to manage and prioritize multiple tasks and external dependencies to ensure deadlines are met.
- Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
- Certifications such as CISA, CISSP, CISM, or Security+.
Desired Skills:
- Working knowledge of third-party risk management tools.
- Working knowledge of security tools for vulnerability scanning, DLP, endpoint protection, etc.
- Technical proficiency in Cybersecurity.
COVID Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.