.About HireRight:Overview:This role is based in Mexico as an Information Security- Third Party Risk Management Analyst (SECGRC), reporting to the InfoSec TPRM Lead Analyst on the Governance Risk & Compliance (GRC) Team.
This person will assist in the management and reporting of all aspects of vendor/ Third Party Risk Management (TPRM) operational monitoring to ensure that the organization's Information Security standards are identified, well documented, and remediation plans formalized in a timely fashion.
**Responsibilities**:- Ability to conduct comprehensive risk assessments of external vendors- Distribute and assess vendor security audits and questionnaires regularly- Monitor the ongoing activities and performance of third parties to identify emerging risks or changes to risk profiles- Build on the automation process for third-party risk- Responsible for security research and to determine areas of vendor risk- Partner with internal stakeholders across all business groups to support GRC-related initiatives and communicate back to stakeholders about vendor management.- Work closely with the security team and partners to ensure that the information security program adheres to industry, government, and organizational standards.- Schedule and perform risk assessments using a defined methodology to identify, document, and communicate control deficiencies in business processes and technology systems or offices.Qualifications:**Education**:- High School diploma or GED required; - Bachelor's degree in applicable field preferred but not required; Combination of adequateeducation and work experience considered as an alternate.
**Experience**:- Prior experience conducting internal and external risk assessments and providing guidance to functional teams with the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and / or remediation items- Experience with managing TPRM issue remediations in a confidential and sensitive manner- High degree of independence and exceptional work ethic within a small team with a solution-oriented mindset- Familiarity with IT and Information Security best practices- preference to those with experience working with TPRM automation tools.- 1-3 years of relevant experience is required.Knowledge & Skills:- Frameworks, Regulations, and Security Control sets: NIST Cybersecurity Framework (CSF), ISO27001, NIST 800-53, GDPR)- Knowledge of Enterprise Risk Management software (i.E., AuditBoard, ServiceNow, Archer, etc