Third Party Risk Specialist - Associate

iCapital is looking to hire a Vendor Risk Specialist to join the Information Security team. This role works on a small team to evaluate the risk of third-party vendors. Vendor risk includes information security, financial, business continuity, and regulatory risk.  The vendor risk process includes engaging internal vendor relationship owners and vendor contacts to obtain various artifacts and question and answers for review. This will identify any outstanding risks which are presented to management for risk acceptance. 

• →Perform third-party vendor security assessment activities including evaluation of vendor controls, practices, process enhancements, and independent audit service reports via a vendor risk system.
• →Communicates directly with third party vendors to obtain artifacts and answers to iCapital diligence questions (DDQs).
• →Recommend mitigating and compensating controls for vendor security programs.
• →Communicate and track remediation plans with third-party vendors, business and technology partners.
• →Escalate outstanding risk items to management.
• →Maintain and present metrics on the vendor risk program to management.
• →Assist the Assurance team with client DDQs as vendor risk and client assurance are related programs.

• 5 years experience in a technology role with 2-3 years in a vendor risk role
• Bachelor's degree in computer science, technology or an information security-related field
• Experience with Upguard or other vendor GRC tools is a plus
• Experience with RiskRecon or other security risk measurements tools is a plus
• Understanding of ISO-27001 or NIST 800 based security program standards
• Knowledge of relevant legal requirements, regulatory requirements, and privacy laws
• Knowledge of security risks pertaining to cloud (i.e. IaaS, SaaS, AaaS)
• Quick learner with desire to continuously learn
• Excellent communication skills including strong English writing skills
• Detail oriented, ensuring that all requirements are met and documented