
Principal Cybersecurity 3rd Party Risk Management (C)

Job in New York, New York County, New York, 10261, USA
Listing for: Metropolitan Transportation Authority (MTA)
Full Time, Part Time position
Listed on 2026-01-14
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 156476 - 184692 USD Yearly
Job Description & How to Apply Below
Position: Principal Cybersecurity 3rd Party Risk Management (C)
Location: New York

Job: 11707

Business Unit: MTA Headquarters

Location: New York, NY, United States

Regular/Temporary: Regular

Department: IT CISO

Date Posted: Aug 14, 2025

Description

JOB TITLE:

Principal Cybersecurity 3rd Party Risk Management (C)

SALARY RANGE: $156,476 - $184,692

HAY POINTS: 775

SUPERVISOR:
Cybersecurity Officer - Manager

LOCATION:

Various / 2 Broadway, New York, NY 10004

HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours/day) or as required

This position is eligible for telework, which is currently two days per week. New hires are eligible to apply 30 days after their effective date of hire.

About Us

The Metropolitan Transportation Authority is North America's largest transportation network, serving a population of 15.3 million people across a 5,000-square-mile travel area surrounding New York City, Long Island, southeastern New York State, and Connecticut. The MTA network comprises the nation’s largest bus fleet and more subway and commuter rail cars than all other U.S. transit systems combined. MTA strives to provide a safe and reliable commute, excellent customer service, and rewarding opportunities.

Summary

The role will manage vendor risks and assessments to anticipate, identify, monitor and mitigate risks associated with third-party providers of goods or services. In addition, this role is tasked with compiling data and completing documentation related to vendor risk, as well as ensuring that the issues that arise are appropriately captured, assessed and mitigated to acceptable levels.

This role must ensure that the organization’s vendor ecosystem is properly evaluated, assessed and managed to minimize risk exposure and risk impacts to the business.

Responsibilities
  • Assessing the information security posture of third parties (service providers, business partners, and Third-Party Administrators (TPAs)) and coordinating the overall execution and delivery of assessments and related remediation of any findings
  • Identifying and tracking continuous monitoring activities to ensure the risks associated with individual third parties have not changed or exceeded risk tolerance thresholds, and where they have exceeded approved thresholds, agreeing remediation plans with the counterparty
  • Participate in cross-functional teams to promote information security policies and best practices and address third-party security compliance issues
  • Develop and implement cybersecurity policies and procedures to protect information assets
  • Conduct cybersecurity risk assessments of third-party vendors and suppliers using industry-standard frameworks, such as NIST, ISO, and CSA
  • Develop and maintain a comprehensive inventory of third-party vendors and suppliers, and track their cybersecurity risk profiles
  • Collaborate with procurement and legal teams to ensure that third-party contracts include appropriate cybersecurity requirements and provisions
  • Coordinate, plan and execute risk-based security assessments of third parties to ensure ongoing compliance with regulations, legislation, contractual obligations, company policies, and internal controls
  • Monitor third-party vendors and suppliers for changes in their cybersecurity risk profiles and report any concerns to management
  • Provide guidance and recommendations to internal teams on best practices for managing third-party cybersecurity risks
  • Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management
  • Continuously monitor information security and privacy regulation changes; design and implement process improvements to ensure organizational adaptation of those changes and compliance
  • Perform IT Security assurance/compliance reviews as appropriate
  • Identify enhancements and process efficiencies to keep the assessment program in line with best practices
  • May mentor less experienced staff
  • Performs other duties and tasks as assigned
  • May need to work outside of normal work hours (i.e., evenings and weekends)
  • Travel may be required to other MTA locations or other external sites
  • Observing the work performed by the contractor
  • Reviews invoices and approves them if the work met contractual standards
  • Addressing performance issues…