Perform due diligence in working with vendors to evaluate IT vendor controls related to the services provided to Celerity.
Understand services provided by the vendor and the Celerity data the vendor can access. Determine the inherent risk rating based on these factors.
Coordinate analysis and response with internal teams including Procurement and business areas.
Evaluate vendor controls and determine the residual risk rating.
Provide a summary analysis to Procurement and the business areas seeking to leverage the vendor for services identified.
Leverage existing templates and tools to assess vendors efficiently and effectively in a timely manner. Ensure RSA Archer is updated to accurately reflect vendor disposition and promote accurate reporting from the system of record.
Document internal processes and procedures related to KSP reviews as requested.
Execute daily ad hoc tasks as needed.
3+ years of management consulting (Big 4, Big 5, etc.) experience
5+ years of work-related compliance experience or information security procedures development
Knowledge of industry-accepted security frameworks such as NIST 800-53 and ISO 27001
Ability to work independently with minimal supervision, as well as collaboratively with various constituents
Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
Ability to communicate effectively across multiple levels of an organization, specifically the ability to provide clear, concise communication with the project team and mid-level management, and a demonstrated ability to influence or negotiate with other functional areas
Experience with SSAE 16 audits and SOC 1 Type 1 and Type 2 reports a plus
Excellent verbal, written and interpersonal communication skills, plus the ability to achieve goals through influence, collaboration, and cooperation
A self-starter with strong planning and organizational skills to set priorities and achieve goals while supporting multiple projects simultaneously
Integrity and high standards of personal and professional conduct
CISSP/CISA/CIPP certification preferred
Experience in the financial services industry preferred