OverviewWho we're looking forToyota's Cyber Risk Department is looking for a passionate and highly motivated
Senior Third Party Cybersecurity Risk Analyst.The primary responsibility of this role is to conduct cybersecurity risk assessments for third parties across Toyota's third-party portfolio. This role evaluates each third-party relationship to assess the associated risk profile and the effectiveness of the risk management capabilities in place, ensuring alignment with Toyota's risk appetite.This position includes reviewing assurance artifacts such as SOC reports, ISO 27001 certifications, and PCI DSS certifications to evaluate the effectiveness of third-party cybersecurity controls. The role also consolidates and communicates risk findings and metrics to operational management and executive leadership while partnering with internal stakeholders to support informed risk decisions and continuous improvement of third-party cybersecurity risk processes.This role requires strong analytical, critical thinking, and communication skills, along with a deep understanding of risk management practices and cybersecurity processes, risks, and controls, to effectively assess third-party risk and communicate findings to key stakeholders.
What you'll be doing- Conduct Cybersecurity Risk Assessments: Conduct third-party cybersecurity risk assessments to verify alignment with Toyota's information security and risk management standards.
- Inspect Assurance Reports: Review and analyze independent assurance artifacts, including SOC 1, SOC 2, ISO 27001 certifications, PCI DSS certifications, and related evidence, to validate control design and operating effectiveness.
- Evaluate and Communicate Risk: Consolidate, interpret, and communicate cybersecurity risk metrics, trends, and findings to operational stakeholders and executive leadership.
- Collaborate with Risk Partners: Partner with internal business, security, and risk teams to support informed third-party risk decisions and remediation efforts.
- Support Continuous Improvement: Support continuous improvement of third-party risk processes, methodologies, and reporting practices.
What you bring- A bachelor's degree in computer science, information technology, or a related field.
- Experience in Information Security, Risk Management, Information Technology, or related disciplines.
- Experience in the planning, designing, implementation, and execution of third-party risk management programs.
- Excellent presentation skills, including verbal and written communication to differing levels of management throughout the organization.
- Excellent "soft" skills including relationship building and the ability to influence others through consensus building.
Added bonus if you have- Certified Information Systems & Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Security Auditor (CISA) certifications.
What we'll bringDuring your interview process, our team can fill you in on all the details of our industry-leading benefits and career development opportunities.
A few highlights include:
• A work environment built on teamwork, flexibility and respect
• Professional growth and development programs to help advance your career, as well as tuition reimbursement
• Team Member Vehicle Purchase Discount
• Toyota Team Member Lease Vehicle Program (if applicable)
• Comprehensive health care and wellness plans for your entire family
• Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute
• Paid holidays and paid time off
• Referral services related to prenatal services, adoption, childcare, schools and more
• Tax Advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA)
• Relocation assistance (if applicable)