About HireRight:
Overview:
This role is based in Mexico as an Information Security
- Third Party Risk Management Analyst (SECGRC), reporting to the InfoSec TPRM Lead Analyst on the Governance Risk & Compliance (GRC) Team. This person will assist in the management and reporting of all aspects of vendor/ Third Party Risk Management (TPRM) operational monitoring to ensure that the organization's Information Security standards are identified, well documented, and remediation plans formalized in a timely fashion.
**Responsibilities**:
- Ability to conduct comprehensive risk assessments of external vendors
- Distribute and assess vendor security audits and questionnaires regularly
- Monitor the ongoing activities and performance of third parties to identify emerging risks or changes to risk profiles
- Build on the automation process for third-party risk
- Responsible for security research and to determine areas of vendor risk
- Partner with internal stakeholders across all business groups to support GRC-related initiatives and communicate back to stakeholders about vendor management.
- Work closely with the security team and partners to ensure that the information security program adheres to industry, government, and organizational standards.
- Schedule and perform risk assessments using a defined methodology to identify, document, and communicate control deficiencies in business processes and technology systems or offices.
Qualifications:
**Education**:
- High School diploma or GED required;
- Bachelor's degree in applicable field preferred but not required; Combination of adequate education and work experience considered as an alternate.
**Experience**:
- Prior experience conducting internal and external risk assessments and providing guidance to functional teams with the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and / or remediation items
- Experience with managing TPRM issue remediations in a confidential and sensitive manner
- High degree of independence and exceptional work ethic within a small team with a solution-oriented mindset
- Familiarity with IT and Information Security best practices
- preference to those with experience working with TPRM automation tools.
- 1-3 years of relevant experience is required.
Knowledge & Skills:
- Frameworks, Regulations, and Security Control sets: NIST Cybersecurity Framework (CSF), ISO27001, NIST 800-53, GDPR)
- Knowledge of Enterprise Risk Management software (i.e., AuditBoard, ServiceNow, Archer, etc.)
- Security and Privacy controls validation experience preferred
- General IT knowledge (architecture, networking, operations)
- Ability to synthesize complex data, produce appropriate outcomes, and convey information designed for relevant audiences
- Stakeholder and executive audience engagement and communication
- Worked with common business processes and cross-departmental projects
- Working familiarity with BCP/DR programs, Privacy, and Physical Security evidence
- Exceptional interpersonal, written, and oral communication skills
- Certifications or other specialized training such as, Security+, CCSK, GSEC, CIPP/X.
- ** Preferred**: ISO27001/LI and/or ISO27001/LA and ISO27701
What do we offer:
Work wherever! The location of this role is flexible, of course you will get a fair financial compensation and from day one you will receive a training plan to get you on board quickly. In addition, you will have the opportunity to join our team of 3,000+ Team Members that work in 15 countries, serving clients in 200+ countries and territories. Many of our Team Members have been with HireRight for a long time. But that's not all, you will get additional benefits like:
- Christmas Bonus
- Additional Holidays: Holy Thursday & Friday, Mother's Day, Day of the Dead and Virgin of Guadalupe.
- Food Voucher + Meal Bonus
- Generous Vacation Program
- Monthly Transportation Allowance / Payment of Teleworking Expenses
- Insurance for major medical expenses
- Business Casual Attire
- Generous Referral Program
- Professional Growth**HireRight, LLC is an Equal Opportunity Employer**
**Minorities / Females / Veterans / Disabilities**
LI-REMOTE