Vendor Information Security Manager

07 Jul 2024

Vacancy expired!

Odyssey is working with a large automotive company to find a Vendor Information Security person to join their Cyber Risk Management Team.

This is a hybrid, long-term contract role located in Plano, TX.

The Cyber Risk Management team is part of the Information Security team responsible for protecting information assets from unauthorized disclosure, accidental or intentional loss of data, and modification. This group works to proactively identify existing and emerging risks and threats, and implement strategies and mitigations for them.

This role specifically aids in that objective by working within the Cyber Risk and Third Party Cyber Risk Management team to drive vendor and supplier security assurance throughout the phases of the supplier lifecycle, to ensure vendors comply with company security policies and standards and that supplier-related security risks are identified and managed. This role interacts with many different business groups inside and outside of the company, as well as with individuals at varying levels within our organization and our supplier organizations. This position is primarily responsible for performing contract reviews to ensure contracts include security, system, and data-handling requirements and for providing guidance on security requirements; this position will work with Legal, Privacy, Vendor Management, procurement groups, and business units. This person may be involved in all phases of the vendor security risk process, including assessments of supplier security posture, validation of supplier-provided assessments (e.g., SOC2), documentation of reviews and findings, engagement of relevant groups to discuss and resolve findings, aiding the development of reasonable remediation plans, performing qualitative and quantitative risk analysis, and preparing reports in understandable terms for senior leadership and involved individuals.

What you'll be doing:

- Perform review of contracts and addendums for security requirements.
- Assist with the negotiation of supplier contracts with respect to security requirements and articulate risk to supplier and business managers when suppliers are not agreeing to security terms.
- Provide guidance to the business relationship managers to ensure their understanding, support and acceptance of the risks involved in doing business with each supplier.
- Work with internal and external teams around security and supplier relationships.
- Assist with Risk and Vendor Security program initiatives, working closely with the Information Security team and other business areas.
- Understand the role of the security department and how it contributes to the overall goals and business strategy of the Company.
- Perform all aspects of the security and risk assessment of suppliers and vendors through complex qualitative and quantitative reviews of risk indicators, threats, and assets.
- Evaluate suppliers' security practices and provided documentation to identify their security posture and capability to manage our information and assets securely.
- Identify control gaps and vulnerabilities with suppliers and work with leadership and suppliers to address security concerns and remediation in a timely manner.
- Document assessment results, distilling complex analysis into a clear and understandable form for supplier and business leadership audiences.
- Verify remediation has been adequately implemented before closing open supplier security findings.
- Conduct analysis and assessment of information security processes and system controls against corporate, regulatory, and internal information security compliance standards.
- Provide guidance to information security functional teams on implementing, monitoring, and reporting of control processes, documentation, and compliance measures.
- Identify internal control gaps and vulnerabilities and work with leadership to address security concerns and remediation in a timely manner.
- Document assessment results, distilling complex analysis into a clear and understandable form for leadership audiences.

Qualifications:

- Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, and security technologies.
- Strong knowledge of information security fundamentals, best practices, and industry standards, with prior responsibility for protecting information assets from unauthorized disclosure, accidental or intentional loss of data, and modification.
- Detailed knowledge of and experience with security and regulatory frameworks including ISO 27001, NIST 800-53, FFIEC and other control standards.

Bonus if you have:

- Knowledge of multiple security areas such as: Legal, security architecture, identity management/governance, incident response, security risk, and audit/compliance functions.
- Strong experience working within large enterprise environments and information security systems.
- CISSP and/or CISM security certification.
- Other cyber risk and/or security industry certifications and training.

  • ID: #43897871
  • State: Texas Plano 75023 Plano USA
  • City: Plano
  • Salary: Depends on Experience
  • Job type: Permanent
  • Showed: 2022-07-07
  • Deadline: 2022-09-04
  • Category: Et cetera