Contract consulting opportunity for a Security Analyst. This role is hybrid onsite in the Richfield, MN area. Client requirements: Must be local to Twin Cities metro.
What you'll do: As part of the Third Party Risk Management Team you will perform core duties of assessing new and existing vendors.
Manage and execute assessments to identify, manage, and communicate risk across the enterprise. This role will work with various teams within the Enterprise, including Privacy, Legal, IT, and Procurement to advise on third party risk topics that include information security, business resiliency, reputation, finance, ethics, compliance, and insurance. In addition, the Senior Analyst will support team processes, develop reporting/metrics, and ensure data integrity within Archer eGRC.

• Conduct enterprise-wide third party risk assessments of external partners.
  • Execute, coordinate and support risk assessments to identify and prioritize risks.
  • Facilitate and analyze responses of Risk Profiles to ensure the appropriate level of risk is assigned to each third party service line.
  • Assess risks and prioritize based on existing, internally approved information risk ranking models.
  • Create, organize, and maintain reporting/metrics within Archer eGRC.
  • Conduct reassessments based on inherent risk schedule.
• Advise partners regarding inherent and residual risk posed by third parties.
  • a. Effectively communicate roles and responsibilities pertaining to the assessment process and finding remediation with internal business teams and external vendors.
  • b. Assist in communications to business partners on impact, likelihood and severity of risks in driving risk remediation efforts.
  • c. Collaborate with various audiences, including Security Architecture, Application Security, IT, BC/DR, Legal, Procurement and others.
• Maintain relationships with internal teams through clear, consistent communication.
  • Support team intake process to ensure appropriate responses and resources are communicated to enterprise partners regarding general questions, assessment requests and other inquiries as needed.
  • bServe as Business Resiliency risk liaison to understand finding requirements and relay learnings to the Third Party Risk team.

EXPERIENCE
Minimum 2 years of experience in the TPRM risk category Information Security
Familiarity with the Payment Card Industry Data Security Standard (PCI DSS), NIST Cyber Security Framework (CSF), and ISO 27000 series
2 years of experience performing risk assessments or audits
Strong interpersonal and communication skills with the ability to develop productive working relationships with technical and non-technical teams
Ability to work in a fast-paced environment within a team
PLUS SKILLS
CISSP, Security , Network , or SSCP certification
Experience in the TPRM risk categories Business Resiliency, Finance, Ethics/Compliance, or Insurance.
Experience with Archer GRC tool.
Ability to work with a start-up mentality inside of a large organization to provide security recommendations with the business strategy and goals in mind.