3M

Senior Cyber Third-Party Risk Analyst

full-time

Origin: 🇺🇸 United States


Salary

💰 $122,292 - $149,468 per year

Job Level

Senior

Tech Stack

Cyber Security

About the role

  • The Impact You’ll Make in this Role: As a Senior Cyber Third-Party Risk Analyst, you will be responsible for assessing, managing, and mitigating cybersecurity risks associated with third-party vendors and partners.
  • This role involves evaluating the security posture of third parties, ensuring compliance with internal and external cybersecurity standards, and working closely with various stakeholders to enhance the overall security framework.
  • Risk Assessment: Conduct thorough cybersecurity risk assessments of third-party vendors and partners.
  • Collaborate with managed services to conduct cybersecurity risk assessments if a conflict of interest arises.
  • Evaluate the security posture of third parties through questionnaires, interviews, and security audits.
  • Identify potential vulnerabilities and threats posed by third-party relationships.
  • Review the quality of vendor risk assessments conducted by managed services to ensure they meet organizational standards.
  • Support escalations from managed services when risk decisions need to be raised to 3M.
  • Vendor Management: Collaborate with procurement and legal teams to ensure cybersecurity requirements are included in vendor contracts.
  • Monitor and review third-party compliance with security policies and standards.
  • Maintain an up-to-date inventory of third-party vendors and their risk profiles.
  • Incident Response: Assist in the investigation and response to security incidents involving third-party vendors.
  • Conduct cybersecurity risk assessments of third parties.
  • Reporting and Documentation: Prepare detailed reports on third-party risk assessments and findings.
  • Document and track remediation efforts and follow-up actions.
  • Provide regular updates to senior management on third-party risk status.
  • Policy Development: Contribute to the development and maintenance of third-party risk management policies and procedures.
  • Ensure alignment with industry best practices and regulatory requirements.
  • Training and Awareness: Conduct training sessions for internal stakeholders on third-party risk management practices.
  • Promote awareness of third-party cybersecurity risks within the organization.
  • Prepare regular reports for senior management and the audit committee on the effectiveness of the IT control environment.
  • Track remediation efforts for control deficiencies and ensure timely resolution.
  • Continuous Improvement: Identify opportunities for enhancing the ITGC compliance program and overall IT control environment.
  • Stay current with changes in technology, regulatory requirements, and industry trends to ensure ongoing compliance and control improvement.

Requirements

  • Bachelor’s degree or higher (completed and verified prior to start) from an accredited institution.
  • Five (5) years of experience in IT audit, IT compliance, or a related field with a focus on TPCRM in a private, public, government or military environment.
  • In-depth knowledge and experience in TPCRM programs and application of ITGC.
  • Advanced degree or professional certifications (e.g., CISA, CISSP, CRISC) preferred.
  • Experience using the Archer GRC tool preferred.
  • Cybersecurity Knowledge: In-depth understanding of cybersecurity principles, practices, and frameworks, including risk assessment methodologies and threat management.
  • Third-Party Risk Management: Proven experience in managing third-party risk, including conducting and overseeing third-party cybersecurity risk assessments.
  • Regulatory Compliance: Familiarity with relevant regulatory requirements and industry standards (e.g., GDPR, CCPA, ISO 27001, NIST) and the ability to ensure compliance.
  • Continuous Improvement: Commitment to staying current with the latest cybersecurity trends, threats, and best practices, and continuously improving the organization's risk management processes.