Cyber Third Party Risk Analyst

Location: New York
Discipline: Cyber & Data Privacy
Contact name: Tom Haussrer

Contact email:
Job ref: 1232

New York, NY. Hybrid Working, 2-3 days in the office

$85-110,000 + Package

Gresham Hunt is currently partnered with a leading professional services client who are looking to bolster their US Security team with an experienced Cyber GRC professional.

The client are looking for an individual with strong security frameworks knowledge as well as experience in 3rd Party Security Risk Management and handling Due Diligence questionnaires.

The Role:

  • Identify and document the key risk considerations in their relevant area and the characteristics that drive the risk level of a Third Party
  • Frequently respond to security questionnaires, RFPs/RFIs, and audit requests from clients/vendors.
  • Liaise with internal and external stakeholders to perform assessments and identify risks. Maintain monitoring activities of existing vendors.
  • Assist with the design of third-party review processes using a risk-based approach, so that resources are focused on the third parties and risk areas that present the biggest threat or challenge to the business
  • Assess future tooling needs to help drive a consistent and systematic approach to responding to client requests.
  • Help implement the framework and processes across the business, applying change management best practices, including use of engaging and effective communications and training
  • Act as primary point of contact for client questionnaires/assessments.

Your Background:

  • Strong operational or non-financial risk management experience within 1st or 2nd line of defence on the topic of third party risk management.
  • Experience of working with cross-functional teams, procurement, legal, information security, business continuity and IT.
  • Familiar and comfortable with intermediate IT tools and Procurement systems, ability to provide management.
  • Knowledge of information security and IT Audit frameworks/standards such as ISO 27001, NIST and SOC 2
  • Experience using OneTrust Privacy management tool.
  • Previous experience working in a Financial Services institution or in a client facing role with a Tier 1 Consulting firm is highly desirable.

Candidates must be currently based in the UK with full right to work. Unfortunately, no visa sponsorship is available at this time.