Posted : Friday, December 15, 2023 05:35 AM
Learn what makes QTS a unique place to grow your career!
The Senior Manager, Third Party Risk and Compliance Solutions provides expert third party risk management leadership and implements risk management solutions across the QTS enterprise.
This role will implement an effective third-party risk management program to include leading a team of third-party risk analysts.
The role will be responsible for implementation of policies, as well as a comprehensive controls framework with enterprise-wide Third-Party Risk Management.
The Senior Manager is a subject matter expert across corporate third-party services and dependencies and will provide consultative insight and risk reduction recommendations to business units relying on third parties in their operations.
Additionally, this role will support the company’s overall IT and security governance, risk management and compliance program with third-party vendors.
This role consults and provides input to the comprehensive list of organization third-party providers, applications, and services from the time of onboarding through termination.
In addition, this role will ensure the company’s technical systems, data, intellectual property, and information assets are protected.
RESPONSIBILITIES (other duties may be assigned)
As part of the risk management process, work in tandem with the security and business teams to evaluate third-party vendors, applications, and services used organization wide.
Supports and can articulate the vision, mission and strategy of risk management and how it relates to Third-Party suppliers/vendors.
Highlight strengths and areas for improvement related to organizational security posture, and risk management treatment, tolerance, and acceptance program.
Formulate third-party processes, policies, and documentation, with emphasis on privacy, data handling, security, business resiliency and compliance framework requirements.
Understand and balance business risk with the need to ensure controls do not weaken efficiencies or business innovation.
Obtain third-party documents, assist in documenting remediation action plans as directed, and monitor action plans through resolution.
Perform due diligence assessments of potential third-party vendors to evaluate their risk profile, including their security controls, compliance with regulatory requirements, financial stability, and overall reliability.
Monitor and evaluate the ongoing performance of third-party vendors to ensure compliance with contractual agreements, industry standards, and regulatory requirements.
Maintain a strategy for managing security-related third-party assessments, including compliance checks and external assessment processes for risk management.
Oversee vendor SLAs, recovery point objectives and recovery time objectives.
Document each third party’s use of cybersecurity insurance and adherence to breach notification requirements, as well as their third-party audit results and attestations.
Evaluate third-party maturity using ISO, the Cybersecurity Maturity Model Certification (CMMC), NIST, GDPR and others.
Gauge third parties against their processes and use of threat intelligence and technologies defending against ransomware, denial of service, application vulnerabilities and other emerging threats.
Ensure required risk management activities and control weaknesses are identified prior to contract execution with the third-party provider, or that appropriate risk acceptance is documented and approved.
Support the development of third-party scorecards, along with monitoring results, metric reporting, and preparing and presenting reports to senior management.
Builds strong and inclusive working relationships, in person and virtually, with business partners and colleagues.
Remain highly focused on principles aligning with operational and enterprise risk management fundamentals within security and technology teams.
Function as a liaison with internal and external auditors to manage controls for compliance and privacy laws.
BASIC QUALIFICATIONS
Bachelor’s degree in Information Systems, Information Technology, Computer Science, Risk Management, or professional equivalency.
Seven or more years of professional experience related to third-party management, vendor risk management, cyber risk management and/or procurement.
Five or more years’ experience leading teams to drive strategic objectives.
One or more relevant professional certifications, such as ISO 27001, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Regulatory Vendor Program Manager (CRVPM), Certified Third-Party Risk Professional (CTPRP), or Certified in Risk and Information Systems Control (CRISC).
PREFERRED QUALIFICATIONS
Master’s degree in a related field.
A thorough understanding of network and system-based attack vectors.
Knowledge of the Managed Services Provider industry.
Working knowledge of various compliance regulations and IT/security frameworks/standards (e.g., PCI DSS, HIPAA, FedRAMP, FFIEC, FINRA, ISO 20000, ISO 27000, ITIL v3, NIST, SAS 70).
KNOWLEDGE, SKILLS, AND ABILITIES
Deep understanding of information/cyber security and risk framework standards.
Knowledge of risks related to IT application development and infrastructure maintenance, IT security, business continuity and disaster recovery, emerging technology platforms (e.g., AI), and cloud services.
Competencies in vulnerability management, threat intelligence, insider threats, and attacker tactics, techniques, and procedures (TTPs).
Knowledge and experience with laws, regulations, guidelines, and frameworks that mandate information security and information risk management requirements, such as NIST, ISO 27001, HITRUST, PCI DSS, SOC 2 and CMMC.
Excellent written and oral communication skills, with experience writing policy and procedural documentation.
Experience with using GRC technologies, risk management, reporting tools, along with Microsoft software applications.
Initiative-taking, collaborative individual with excellent oral and written communication skills.
Strong people skills to build and maintain ongoing business relationships with team members, vendors, and clients at all levels of an organization.
A capacity to thrive in a dynamic environment where daily priorities can change frequently.
Critical thinking.
Determination and persistence to resolve sensitive cybersecurity events and incidents.
Ability to manage time efficiently.
We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action.
We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law.
We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.
The "Know Your Rights" poster is included here: Know Your Rights (English); Know Your Rights (Spanish).
QTS is committed to working with and providing reasonable accommodations to individuals with disabilities.
If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to talentacquisition@qtsdatacenters.com and let us know the nature of your request and your contact information.
• Phone : NA
• Location : Overland Park, KS
• Post ID: 9063969046