<p>JobID: 210681910</p> <p>Category: Technology Risk & Services</p> <p>JobSchedule: Full time</p> <p>Posted Date: 2025-11-24T20:40:46+00:00</p> <p>JobShift:</p> <p>Base Pay/Salary: Jersey City,NJ $142,500.00-$190,000.00</p> <p>Opportunity to shape risk culture and ensure technological safeguards in a dynamic, collaborative environment.</p> <p>As a Tech Risk Assurance - Third Party Lead in Cybersecurity Technology & Controls, you will lead expert technical risk assurance and control oversight to ensure the firm's products and lines of business achieve their objectives while effectively managing risk. Utilizing your background in technology risk management, you will work with cross-functional teams to identify, assess, and mitigate emerging risks and vulnerabilities. Your tactical and strategic decision-making will significantly impact the firm's operations, financial management, and public image. You will play a crucial role in fostering a robust risk culture and catalyzing continuous improvement, contributing to the development and implementation of comprehensive risk management policies, standards, and controls.</p> <p>Job responsibilities</p> <ul> <li>Lead efforts to strengthen the firm's third-party risk assessment and control environment, identifying areas for improvement and advising on control implementation to mitigate thematic risks. </li><li>Advise stakeholders on risk management, controls development and adherence to mitigate risks </li><li>Proactively monitor key risk indicators, analyze control metrics, and offer insights on risk management effectiveness to senior management, driving continuous improvement initiatives </li><li>Collaborate with Control Owners to establish and uphold clear cyber, technology, and data control requirements for all third-party relationships. </li><li>Influence, drive, and oversee the efficient execution of third party assurance programs, ensuring alignment with organizational objectives, risk appetite, and regulatory compliance, while continuously updating requirements to address evolving threats and regulatory changes. </li><li>Engage with regulators, clients, and stakeholders on risk-related issues, provide necessary oversight, ensuring compliance with laws, regulations, and internal policies </li><li>Act as a liaison to Global Supplier Services, Tech Risk and Controls, Product Security, Business Control Managers, and GRC leads to foster a collaborative approach to third-party risk management. </li><li>Partner with legal and procurement teams to ensure contracts with third-party vendors include robust cybersecurity and data protection provisions. </li></ul> <p>Required qualifications, capabilities, and skills</p> <ul> <li>Obtain 8+ years of experience in third-party risk management, cybersecurity, technology risk, or related disciplines and a Bachelor's degree in Information Security, Cybersecurity, Risk Management, Business Administration, or related field; Master's degree preferred. </li><li>Experience in a highly regulated industry (e.g., financial services, healthcare) is strongly preferred. </li><li>Deep understanding of third-party risk management frameworks, cybersecurity controls, and regulatory requirements (e.g., OCC, FFIEC, GDPR, ISO 27001, NIST). </li><li>Proficiency in data security, risk management & controls, security governance, and analytical thinking, with a track record of implementing effective risk mitigation strategies </li><li>Proven ability to lead cross-functional teams, influence senior stakeholders, and drive strategic initiatives. </li><li>Demonstrated ability to manage complex programs and projects, prioritize competing demands, and deliver results in a fast-paced environment. </li><li>Advanced knowledge of data analytics and data literacy to uncover actionable insights and support business decision-making </li><li>Experience working with legal and procurement teams to negotiate and strengthen contractual provisions related to cybersecurity and data protection. </li><li>Demonstrated experience utilizing a range of GRC (Governance, Risk, and Compliance) and data analytics platforms, such as Archer, ServiceNow, Alteryx, Tableau, and QlikView. </li></ul> <p>Preferred qualifications, capabilities, and skills</p> <ul> <li>Certified Risk and Information Systems and Controls (CRISC) certification </li><li>Certified Third Party Risk Professional (CTPRP) </li><li>Certified Regulatory Vendor Program Manager (CRVPM) </li><li>Certified Information Systems Security Professional (CISSP) </li><li>Certified Information Security Manager (CISM) </li><li>Certified in Risk and Information Systems Control (CRISC) </li><li>Other relevant certifications </li></ul> <p>#CTC</p>