Risk

• The Impact You’ll Make in this Role: As a Senior Cyber Third-Party Risk Analyst, you will be responsible for assessing, managing, and mitigating cybersecurity risks associated with third-party vendors and partners.
• This role involves evaluating the security posture of third parties, ensuring compliance with internal and external cybersecurity standards, and working closely with various stakeholders to enhance the overall security framework.
• Risk Assessment: Conduct thorough cybersecurity risk assessments of third-party vendors and partners.
• Collaborate with managed services to conduct cybersecurity risk assessments if a conflict of interest arises.
• Evaluate the security posture of third parties through questionnaires, interviews, and security audits.
• Identify potential vulnerabilities and threats posed by third-party relationships.
• Review the quality of vendor risk assessments conducted by managed services to ensure they meet organizational standards.
• Support escalations from manage services when risk decisions need to be raised to 3M.
• Vendor Management: Collaborate with procurement and legal teams to ensure cybersecurity requirements are included in vendor contracts.
• Monitor and review third-party compliance with security policies and standards.
• Maintain an up-to-date inventory of third-party vendors and their risk profiles.
• Incident Response: Assist in the investigation and response to security incidents involving third-party vendors.
• Conduct third parties’ cybersecurity risk assessment.
• Reporting and Documentation: Prepare detailed reports on third-party risk assessments and findings.
• Document and track remediation efforts and follow-up actions.
• Provide regular updates to senior management on third-party risk status.
• Policy Development: Contribute to the development and maintenance of third-party risk management policies and procedures.
• Ensure alignment with industry best practices and regulatory requirements.
• Training and Awareness: Conduct training sessions for internal stakeholders on third-party risk management practices.
• Promote awareness of third-party cybersecurity risks within the organization.
• Prepare regular reports for senior management and the audit committee on the effectiveness of the IT control environment.
• Track remediation efforts for control deficiencies and ensure timely resolution.
• Continuous Improvement: Identify opportunities for enhancing the ITGC compliance program and overall IT control environment.
• Stay current with changes in technology, regulatory requirements, and industry trends to ensure ongoing compliance and control improvement.

Senior Cyber Third-Party Risk Analyst

Senior Payment Fraud – Risk Specialist

Coding Team Lead, HCC Risk Adjustment Coding

Senior Group Risk Specialist – Technology Risk

Senior Manager, Group Risk – Operational Risk Profiles

Executive Risk Control Specialist – Large Accounts