8 days
<p>Must Have Technical/Functional Skills</p> <ul> <li>5+ years of experience in security architecture, risk assessment, or cybersecurity consulting. </li><li>Strong knowledge of cloud security (AWS, Azure, GCP) and network security principles. </li><li>Experience with third-party risk management frameworks (e.g., SIG, FAIR, TPRM). </li><li>Familiarity with security assessment tools such as Qualys, Veracode, and cloud security posture management (CSPM) solutions, etc. </li><li>Certifications such as CISSP, CISM, CCSP, or CRISC are preferred. </li><li>Strong analytical, problem-solving, and communication skills. </li></ul> <p>Roles & Responsibilities</p> <ul> <li>Conduct in-depth security architecture reviews of third-party vendors, cloud services, and external applications. </li><li>Evaluate vendors' security postures based on frameworks such as NIST, ISO 27001, CIS, and other relevant standards. </li><li>Assess third-party compliance with data protection laws (e.g., GDPR, CCPA) and regulatory requirements (e.g., HIPAA, PCI-DSS). </li><li>Review security documentation, including SOC 2 reports, penetration test results, and security questionnaires. </li><li>Identify vulnerabilities and weaknesses in third-party security implementations. </li><li>Provide risk-based recommendations to mitigate security threats while maintaining business continuity. </li><li>Work closely with vendors and internal teams to remediate identified security gaps. </li><li>Analyze third-party integrations with enterprise systems to ensure they align with security best practices. </li><li>Assess cloud security configurations for SaaS, PaaS, and IaaS providers. </li><li>Recommend secure design patterns for API and data exchange between third parties and internal systems. </li><li>Partner with procurement, legal, and IT teams to incorporate security requirements in vendor contracts and agreements. 
</li><li>Work with internal security, compliance, and risk management teams to align third-party security with enterprise security strategy. </li><li>Conduct security awareness training for teams engaging with third-party vendors. </li><li>Develop and enhance third-party security assessment methodologies and frameworks. </li><li>Track and report security assessment findings to senior management and relevant stakeholders. </li><li>Stay updated with emerging security threats, vulnerabilities, and industry trends related to third-party risk management. </li></ul> <p>Salary Range: $130,000-$140,000 a year</p>