Senior Third Party Risk Analyst (R-14266)
Center Valley (Hybrid) - Pennsylvania - United States /
Technology /
Employee: Full Time
/ Hybrid
Why We Work at Dun & Bradstreet
Dun & Bradstreet unlocks the power of data through analytics, creating a better tomorrow. Each day, we are finding new ways to strengthen our award-winning culture and accelerate creativity, innovation and growth. Our 6,000+ global team members are passionate about what we do. We are dedicated to helping clients turn uncertainty into confidence, risk into opportunity and potential into prosperity. Bold and diverse thinkers are always welcome. Come join us!
We are currently growing our Cyber Governance Risk and Compliance team in order to protect and scale our enterprise security program as well as meet ongoing security compliance and assurance requirements!
The Senior Third Party Risk and Compliance Analyst is responsible for supporting the security aspects, assessments, continuous monitoring and audits of all third-party partnerships. You will manage and execute the third-party cyber risk assessment process, from initial third-party intake through tracking and remediation of technical, operational, and contractual issues resulting from partnerships. In additional, This person will help drive the transformation of the Third-Party compliance program by supporting the execution of internal and external assessments.
What You'll Do:
- Plan and conduct information security, risk assessments and audits of suppliers.
- Identify information security deficiencies or risks at third parties, provide escalation paths for information security issues, incidents, and inquiries.
- Prepare security assessment reports including third-party background, security assessment scope, and results.
- Lead third party Incident response investigations with complete ownership the process.
- Collaborate with internal stakeholders to identify and manage IT and cyber risks.
- Perform risk assessments of in scope products and services.
- Identify and analyze control weaknesses and / or inefficiencies; recommend appropriate actions or improvements to ensure effective internal control over financial reporting; proper safeguarding of assets; and continuous improvement.
- Collaborate with control owners to remediate control gaps and track the remediation efforts.
- Assess effectiveness of security control requirements associated with acquisition and use of third-party IT resources.
- Coordinate with supplier management team to communicate, track and close open risk items.
- Work closely with internal stakeholders to educate them, assess risks and achieve compliance over technology control environment.
- Communicate progress, escalations, and issue resolution to management and team stakeholders.
- Develop, maintain, report on key risk metrics.
- Build relationships with a broad range of D&B employees at all levels to accomplish program objectives and further Enterprise Risk goals.
Requirements (Must Have):
- 7-10 years of experience in third-party IT security risk management.
- Bachelor's degree or an equivalent mix of education and experience in Information Cyber Security, Risk Management and Governance Risk and Compliance.
- Strong experience leveraging third party tools such as Service Now, TrustArc, OneTrust.
- Strong knowledge of industry frameworks including related regulatory compliance requirements (NIST 800-161, ITL4,ISO27001, SOC 2).
- Strong experience in conducting supplier security assessments, audits and risk management.
- Deep knowledge of cybersecurity policies, standards and best practices.
- Understanding of information security testing methods, including vulnerability assessments and penetration testing.
- Experience implementing cyber processes and controls, including ongoing improvement opportunities.
- Strong eye for detail and ability to successfully manage third party audits, gather evidence and coordinate audit response.
- Ability to leverage strong verbal, written communication skills to collaborate with cross-functional teams.
- Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
- A team player with strong collaboration skills and the ability to work with minimal supervision.
Preferred (Nice to Have):
- CISA, CISSP, ISO 27001 Lead Auditor, or comparable certifications strongly preferred.
- Having a systems or security engineering background is strongly preferred.
Benefits We Offer
· Generous paid time off in your first year, increasing with tenure.
· Up to 16 weeks 100% paid parental leave after one year of employment.
· Paid sick time to care for yourself or family members.
· Education assistance and extensive training resources.
· Do Good Program: Paid volunteer days & donation matching.
· Competitive 401k & Employee Stock Purchase Plan with company matching.
· Health & wellness benefits, including discounted Gympass membership rates.
· Medical, dental & vision insurance for you, spouse/partner & dependents.
· Learn more about our benefits: http://bit.ly/41Yyc3d.
All Dun & Bradstreet job postings can be found at https://www.dnb.com/about-us/careers-and-people/joblistings.html. Official communication from Dun & Bradstreet will come from an email address ending in @dnb.com.
Equal Employment Opportunity (EEO): Dun & Bradstreet is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, age, national origin, citizenship status, disability status, sexual orientation, gender identity or expression, pregnancy, genetic information, protected military and veteran status, ancestry, marital status, medical condition (cancer and genetic characteristics) or any other characteristic protected by law. View the EEO is the Law poster here and its supplement here. View the pay transparency policy here.
