Business Information Security Officer
A company is looking for a Business Information Security Officer specializing in Third-Party Risk Management.
Key Responsibilities:
Oversee the organization's Third-Party Risk Management (TPRM) program including policies, standards, procedures, and governance
Lead comprehensive security assessments of potential and existing third-party vendors, evaluating their security posture and compliance
Partner with business stakeholders to integrate security requirements into vendor selection and ongoing vendor management processes
Required Qualifications:
10+ years of progressive experience in information security roles, with at least 5 years focused on third-party risk management
Demonstrated experience developing and implementing third-party assessment methodologies and frameworks
Strong background in technical security domains including network security, application security, cloud security, and data protection
Extensive knowledge of information security frameworks and regulatory requirements
Current professional certifications such as CISSP, CISM, or CRISC