Great opportunity to join an enterprise environment, where you will be part of the Information Security Team working on Risk Management projects. In this role, you will help with gathering security-related information around risk assessments, SOX, and Controls, and entering that data in a GRC tool. You will work with the different asset owners to get the details on what policies they have in place.
Responsible for understanding the business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and the company Information Security Policy and applicable procedures, processes and standards.
- Provide oversight to company's business units in assessing and managing third-party relationship risk.
- Conduct and publish annual due diligence and risk assessment reports of third parties within their scope of duties.
- Ensure third-party relationships adhere to company's policies and are compliant with regulatory guidelines and industry best practices.
- Code Monitoring for SOX-related applications
  - Review 20 daily audit reports for changes
  - Complete weekly register with changes
- Assist with data collection and entry into GRC Tool for Assessments
- Mapping SIG questions to IS Standards
- Assist with completing application assessments based on previous SOX testing within the GRC Tool
- Create application assessment reports based on review in GRC Tool
- Scoring of Vendor SIG questions
- Report on status of vendor risk assessments
- An understanding of Risk Management and the policies involved is required in order to ask the right questions of the application owners in reference to the policies.
- A good understanding of Microsoft technologies such as Word and Excel is required
- Interface with all levels of management and technical and business sources.
- Experience with Third Party Risk Management (TPRM) is a plus