Crowe

Third Party Risk Manager

Crowe
$104K — $213K *
Business Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in relevant field
  • 5-8+ years in IT, cybersecurity, or risk management
  • Certifications: CISSP, CISA, CTPRA, CRISC preferred
  • Strong knowledge of security domains and compliance frameworks
  • Experience managing multiple fast-paced projects
  • Demonstrated leadership in client and team management
  • Excellent communication skills for technical and executive audiences

Responsibilities

  • Lead assessments of third-party information security postures
  • Manage assessment teams and project timelines
  • Perform site visits to evaluate third-party facilities
  • Document and present security risk findings and recommendations
  • Oversee quality assurance reviews of team assessments
  • Support client relationship management and business development
  • Mentor and develop junior consultants within the practice

Benefits

  • Comprehensive total rewards package
  • Inclusive culture that values diversity
  • Regular meetings with a Career Coach
  • Support for career goals and aspirations
  • Opportunities for professional development and growth

Full Job Description
Job Description:

Manager - Third Party Risk

The position will be primarily responsible for managing and leading the assessment of the information security posture of key clients' third parties while overseeing the overall execution, quality, and delivery of assessments. The position will work within a Crowe team at a client or third-party site and be responsible for leading teams in identifying key risks, information security gaps, and remediation strategies. This role will also serve as a trusted advisor to client leadership and provide mentorship and oversight to junior team members. Projects would be performed through interacting with the client's Information Security and Business Unit leadership, as well as the client's vendors, service providers, and partners.

Specific projects and responsibilities may include:
  • Leading Third Party Risk Assessments by evaluating third-party questionnaire responses, performing control validation, and assessing documentation per established procedures and standards
  • Managing and overseeing assessment teams, project timelines, and client deliverables across multiple engagements
  • Performing and overseeing site visits to third-party facilities
  • Evaluating the effectiveness of security controls for compliance with applicable policies, security laws, regulations, and industry standards
  • Assessing cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) deployments
  • Documenting information security risk and compliance findings, presenting recommendations for remediation, and communicating results to client leadership
  • Performing quality assurance reviews of assessments completed by team members to ensure consistency and accuracy
  • Delivering high-quality, executive-level reports and presentations
  • Coordinating schedules, resource allocation, and assessment activities for key third-party clients while overseeing all key deliverables
  • Supporting business development initiatives, client relationship management, and practice growth efforts
  • Mentoring, coaching, and developing staff and senior consultants within the practice

Our clients operate in and our team members work across the following industries:
  • Pharmaceutical
  • Life Sciences
  • Biotechnology
  • Healthcare
  • Manufacturing
  • Financial Services
  • Technology, Media and Telecommunications

Basic Qualifications
  • Bachelor's Degree
  • Information Technology and/or Cybersecurity background and/or experience, including 5-8+ years of IT, cybersecurity, risk management, or third-party risk experience with network, platform, and/or application technology
  • One or more of the following certifications required:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Certified Third Party Risk Assessor (CTPRA)
    • Certified in Risk and Information Systems Control (CRISC) preferred
  • Strong knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, cloud security, or web security
  • Working knowledge of one or more compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, PCI DSS, or HITRUST
  • Experience managing multiple projects and teams in a fast-paced consulting environment
  • Demonstrated leadership experience overseeing project execution, client relationships, and team performance
  • Proven ability to learn new technologies and systems, especially through independent research and self-study
  • Strong verbal and written communication skills with the ability to present technical information to both technical and executive audiences
  • Ability to manage project schedules, budgets, staffing, and client expectations
  • Ability to travel domestically an average of 20%-50% per year

Preferred Qualifications
  • Bachelor's and/or advanced degree with a concentration in Cybersecurity, Risk Management, Computer Science, Management Information Systems, or related field
  • Experience working with or assessing third-party vendors and service providers
  • IT or cybersecurity experience at a leading public company, consulting firm, or regulated industry organization
  • Experience with Archer, ProcessUnity, ServiceNow, OneTrust, or other GRC/VRM platforms
  • Experience with security ratings platforms and continuous monitoring solutions
  • Experience leading teams and mentoring junior professionals in a consulting or advisory environment
  • Bilingual capabilities preferred
  • Open to remote work arrangements


We expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Crowe, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $104,500.00 - $213,800.00 per year.

Our Benefits:
Your exceptional people experience starts here. At Crowe, we know that great people are what makes a great firm. We care about our people and offer employees a comprehensive total rewards package. Learn more about what working at Crowe can mean for you!

How You Can Grow:
We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach, who will guide you in your career goals and aspirations. Learn more about where talent can prosper!

About Crowe

Crowe is a public accounting, consulting, and technology firm with offices around the world. The firm provides audit, tax, advisory, risk, and performance services to public and private companies and organizations in a variety of industries. Crowe was founded in 1942 and is headquartered in Chicago, Illinois.
Size: 4,500 employees
Founded: 1942