Third Party Risk Assessor; HYBRID

Join to apply for the Third Party Risk Assessor (HYBRID) role at Equitable
.

At Equitable, our power is in our people. We're individuals from different cultures and backgrounds. Those differences make us stronger as a team and a force for good in our communities. Here, you'll work with dynamic individuals, build your skills, and unleash new ways of working and thinking. Are you ready to join an organization that will help unlock your potential?

The Third Party Risk Assessor will conduct comprehensive security assessments of third parties’ information security systems and processes to ensure compliance with regulatory, legal, and company policies. The individual shall also have experience negotiating security terms in agreements with third parties.

• Perform security assessments and audits on information security processes and systems of third parties to identify weaknesses or vulnerabilities.
• Perform design as well as operating effectiveness assessments of internal controls.
• Ensure compliance of systems with applicable regulatory, legal requirements, and internal policies.
• Perform security risk assessment on third‑party vendors or their products.
• Negotiate security requirements in agreements with third‑party vendors.
• Provide recommendations on the remediation of weaknesses, vulnerabilities to improve compliance.
• Prepare clear and comprehensive audit reports by documenting findings, risk ratings, and remediation recommendations.
• Present the audit report to business stakeholders, IT leadership, and IT teams to explain findings and recommendations.
• Log and track remediation of findings until closure.
• Report and escalated any issues or concerns to senior management.
• Prepare and present KPIs/KRIs to senior management.
• Stay current on emerging security threats, industry trends, and best practices in cybersecurity.

• 5+ years of experience in performing third‑party audits, assessments, and managing risk and compliance issues, or similar experience managing applications, projects, or systems that require identification, evaluation, and remediation of risks.
• Technical background or demonstrable understanding of a range of operational and IT risks and operations.
• Experience in performing third‑party vendor risk assessments/audits including contract negotiations.
• Experience gathering and interpreting risks and associated impacts in the context of financial and operational concerns.
• Understanding of complex audit and assessment risk‑related issues through demonstrated experience in managing vendor assessments, information security assessments, and audits.

• A bachelor's degree preferably in computer science, engineering, mathematics, or statistics.
• Desired professional qualifications may include:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
• Savvy interpersonal/relationship skills, able to foster working relationships within the team, across IT, and with business colleagues.
• Knowledge of business and technology practices and trends.
• Excellent written and verbal communication skills.
• Ability to communicate complex issues in a language understood by business leaders across multiple disciplines (such as business, IT, and security) within an organization.
• High level of personal integrity and demonstrated willingness to call out and act on issues.

• Confidentiality: Knowledge of practices and policies governing disclosure of information about the organization, its business activities, and employees; ability to apply this knowledge appropriately to diverse situations.
• Industry Knowledge: Knowledge of the organization’s industry group, trends, directions, major issues, regulatory considerations, and trendsetters; ability to apply industry knowledge appropriately to diverse situations.
• Information Security Management: Knowledge of the processes, tools and techniques of information security management; ability to deploy and monitor information security systems, while detecting, controlling and preventing violations of IT security.
• IT Governance: Knowledge of the…