Security Analyst Cyber Third-Party Risk Management
Security Analyst Cyber Third-Party Risk Management
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
$ 111100 - 152800
1 Vacancy
Job Description
Get started on an exciting career at Element!
Element employees make a difference in the lives of others every day. We are redefining the fleet management industry to be people first then business delivering on our promise of a superior client experience. This takes hard work and innovation and we need more likeminded people on our team.
What We Need
We are looking for a Security Analyst: Cyber ThirdParty Risk Management to join Element Fleet Management. As the largest pureplay fleet manager in the world we provide unmatched products and services and solutions to our clients.
At Element employees play a critical role in delivering value to customers and ensuring an exceptional client experience. We are committed to the success of our clients employees and investors by fostering a culture where every employee can make a difference!
Are You:
- An individual with a strong security background in cybersecurity risk management and vendor assessment
- Someone who is detail oriented and analytical
As the Security Analyst: Cyber ThirdParty Risk Management you will assess and manage the cybersecurity risks associated with our thirdparty vendors and partners. You will be the primary interface for collaboration with Elements strategic sourcing and procurement team assessing emerging supplier security posture and risk. The ideal candidate will have experience in the realtime monitoring of suppliers using ratings tooling and can highlight trends and emerging risk from the existing supplier base.
A Day in the Life
Vendor Risk Assessment and Due Diligence
- Conduct comprehensive security assessments and due diligence reviews of third party vendors and suppliers
- Evaluate and compare vendors security controls policies and procedures to ensure compliance with Elements information security policies and standards
- Identify potential risks and vulnerabilities in vendors security practices; and work with internal stakeholders to develop resolution plans
Cyber Third Party Risk Management
- Develop and maintain the realtime vendor security risk monitoring platform ensuring vendor inventory is accurate and reflective of vendor materiality to the organization
- Monitor and track the remediation of identified gaps and security issues with vendors (through the relationship manager)
- Implement an escalation methodology to ensure material changes in vendor security posture are communicated to respective stakeholders through the incident response process
Collaboration and Communication
- Work closely with internal stakeholders to understand thirdparty relationships and their impact on the organization and business lines
- Communicate risk findings and recommendations to vendors and internal teams with the goal of improving security posture and resiliency
- Collaborate with strategic sourcing and procurement units to integrate cyber methodologies and automation into the vendor procurement/contract lifecycle
Reporting and Documentation
- Prepare and maintain detailed reports on third party risk assessments and findings
- Maintain comprehensive documentation of assessment processes findings and remediation efforts
- Present risk assessment results to senior management and other stakeholders
- Provide Key Risk Indicators Early Warning Indicators and Key Performance indicator reporting in support of Information Security metric reporting
Continuous Improvement
- Identify opportunities to streamline and automate the vendor information security due diligence process
- Partner with stakeholders to identify cyber security risk early in the vendor contract lifecycle/initial due diligence phase
- Identify potential for SBOM and AI automation within the cyber TPRM program
Qualifications
- Bachelors degree or equivalent in the fields of Information Security Computer Science Advanced mathematics or a related field preferred
- 3 years of experience in cybersecurity risk management or vendor assessment Strong knowledge of information security frameworks standards and best practices (e.g. ISO 27001 NIST COSO CoBIT MITRE etc.
- Certifications in the information security field (CISSP CISA CISM CEH) and a demonstration of continuous learning preferred
- Experience in vulnerability management security operations security engineering highly preferred
- Knowledge of thirdparty cyber contracts and clauses (commercial law) highly desired
- Excellent leadership communications and interpersonal skills
Knowledge & Competencies
- Ability to analyze data (from reviews and systems) to make informed decisions regarding third party risks
- Proficiency in evaluating the potential impact of thirdparty risks on the organizations security posture
- Effectively communicate the rationale and implications of riskbased decisions to both technical and nontechnical stakeholders to drive consensus
- Understanding of the broader business context and align risk management decisions with organizational goals
- Navigate complex situations involving multiple variables and stakeholders using independent judgement and critical thinking to assess risks and determine appropriate responses
- Navigate the complexity of an emerging cyber thirdparty risk management program through an objective and consistent methodology
- Provide expert guidance and support to vendors and internal teams to enhance their security practices
- Inspire confidence in stakeholders through demonstrated expertise and professionalism influencing them to adopt recommended security remediation
- Foster a collaborative environment working effectively with crossfunctional teams to address third party risk
- Approach problems with a creative and analytical mindset developing innovative solutions to address third party risks
- Adapting to the changing vendor landscape and potential risks and vulnerabilities implementing preventative measures to mitigate risk before they impact the organization
The hiring base salary range for this position is $111100 $152800 annually. Actual compensation within this range will be dependent upon the individuals knowledge skills experience equity with other team members and alignment with market data.
Whats in it for You
A culture of innovation empowerment decisionmaking and accountability
Comprehensive health and welfare benefits that serve the needs of you and your family and foster a culture of wellness (for qualified roles)
Additional benefits and amenities including paid timeoff programs (vacation sick leave and holidays) (for qualified roles)
Applicants will be required to undergo a background check only if and after a conditional offer of employment has been extended.
Element Fleet Management and its wholly owned subsidiaries are an equal opportunity employer committed to diversity equity inclusion and belonging. We are pleased to consider all qualified applicants for employment without regard to race color religion gender identity age sex sexual orientation disability national origin Aboriginal/Native American status protected veterans status or any other legallyprotected factors. Disabilityrelated accommodations during the application and interview process are available upon request.Should you require an accommodation with our hiring process please send an email to or call.
Required Experience:
IC
Employment Type
Full-Time
