Supporting the Client in a Third Party Risk Management process (TPRM), performing Vendor Risk Assessments. Estimated lenght: 2 years Required experience: conducting risk assessments (ideally of third-party vendors) against security standards, such as ISO 27001 and NIST Understanding of concepts of cyber security controls in IT areas (e.g. Access management, Application security) Knowledge of security assessments methodology Analyzing and evaluating security controls and documentation policies
Supporting the Client in a Third Party Risk Management process (TPRM), performing Vendor Risk Assessments. Estimated lenght: 2 years Required experience: conducting risk assessments (ideally of third-party vendors) against security standards, such as ISO 27001 and NIST Understanding of concepts of cyber security controls in IT areas (e.g. Access management, Application security) Knowledge of security assessments methodology Analyzing and evaluating security controls and documentation policies (evidence) Recommending mitigation actions related to identified risks Reporting and communicating identified risks to stakeholders Monitoring of status of implementation of mitigation actions and support Education and skills: 2+ years of experience in security assessments and cyber risk management (ideally including TPRM) Communication skills Good self-organization English skills in writing and speaking Analytical and problem-solving skills; Practical understanding of IT security standards such as ISO27001, NIST, OWASP Bachelor's degree with professional certification in Cybersecurity, IT or a related field Certifications such as CISA, CISSP, CISM as a plus Supporting the Client in a Third Party Risk Management process (TPRM), performing Vendor Risk Assessments. Estimated lenght: 2 years ,[conducting risk assessments of third-party vendors to identify potential security threats and vulnerabilities;, conducting Cloud assessments, conducting audits;, analysing and evaluating vendor security controls, policies, and procedures to ensure compliance with regulatory requirements and industry best practices;, developing and implementing risk mitigation strategies to address identified vulnerabilities and reduce the organization's exposure to cyber threats;, communicating assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams;, monitoring and tracking vendor compliance with security policies and procedures through ongoing assessment activities;] Requirements: TPRM, Security, IT Security Standards, ISO27001, NIST, OWASP, CISA, CISSP, CISM Tools: . Additionally: Sport subscription, Private healthcare, Flat structure, Small teams, International projects, Multisport, LuxMED, Integration events.