Job Info

---

Job Summary & Responsibilities:

As a Senior Third-Party Security Risk Analyst in BSWH, you will be part of a team who is reviewing, assessing and managing the Third-Party Information Security Risk across the organization. As part of the team, you will perform security risk analysis of external vendor and other third party organizations, lead initiatives and assessments, including; core assessments of a Third Party technical, administrative, and physical controls, Cloud solutions, Mobile solutions and Application solutions. The ideal candidate should; have a good understanding of regulations that governs this space, be well versed in risk management and can help counterparts and peers manage cybersecurity risk.

Support the Technology Risk Advisory function by understanding the business needs and helping to shape the Third-Party Technology Risk strategy, be part of a team that assess risk and work with Business Units to manage risk portfolios.

RESPONSIBILITIES:

• Represent BSWH TPRM in the negotiation of information security contracts with external third parties
• Work with TPRM leadership and legal team in developing security contract templates
• Develop security questionnaires (e.g. SIG) tailored to vendor's risk tiers
• Review and manage SIG responses from external parties, receiving and responding to SIG artifacts
• Review and assess audit reports (e.g. SOC 2) and other reports (e.g. system audit logs, pen tests)
• In partnership with BSWH vendors, develop risk mitigation plans for vendors
• Evaluate security risk tiering/prioritization of external parties
• Mentor junior analysts

 

REQUIRED SKILLS:

• Have a good understanding of regulations that govern this space.
• Be well versed in risk assessments and have a demonstrated ability in helping counterparts manage risk.
• Have an experience in a contract review and negotiations.
• Understanding of industry recognized risk management frameworks and a proven track record of implementation.
• Working knowledge of regulatory landscape and information security management controls and frameworks (e.g., HIPAA, HITRUST, PCI; NIST, ISO 27000/27001, SSAE-18).
• Good understanding of information security controls, along with preferred and alternative implementations.
• Have a good understanding in conducting audits.
• Have a technical knowledge of network infrastructure, cyber security risks, web and cloud based applications.

PREFERRED SKILLS

• Proficient verbal and written communication skills
• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology or Risk Management is preferred
• 2 years of experience in cyber security (system, network, application, cloud, mobile)
• 3 years of experience developing risk mitigation plans
• 4 years of experience in conducting risk assessment and audits
• One or more of the following Certificates (Highly desirable): CISA, CRISC, CISM, CISSP

 

Location/Facility - Administrative Building - Dallas

For more information on the facility, please click our Locations link.

Specialty/Department/Practice - IT / Identity & Access Management

Shift/Schedule - Fulltime / Days

 

Benefits - Our competitive benefits package includes*:

-Immediate eligibility for health and welfare benefits

-401(k) savings plan with dollar-for-dollar match up to 5%

-Tuition Reimbursement

-PTO accrual beginning Day 1

 

*Note: Benefits may vary based upon position type and/or level.

Qualifications

- EDUCATION - Bachelors or Equivalent Exp

- EXPERIENCE - A minimum of 5 years experience required

- EXTENSIVE EXPERIENCE - In third party security risk management

This job has expired.