Title: 3rd Party Cyber/Risk Management
Location: Alpharetta, GA (Onsite In-Person Interview Locals Only)
Type: Long Term Contract
Must be local
Must be willing to work onsite
Must be willing to interview in-person
Team Overview
This team is responsible for analysis and triaging of cyber intelligence pertaining to Firm s third-party events / incidents and vulnerabilities. This includes determining required response actions, evaluating potential Firm impact & exposure, and performing internal and external outreach to understand the impact.
Key Focus Areas:
Vendor cyber security related events and vulnerabilities related analysis, triaging, outreach , escalation and reporting.
Explore automation to enhance efficiency and quality of various team processes.
Collaboration with relevant stakeholders to identify and enhance the Third-Party Cyber event and incident process.
Key Responsibilities
- Perform initial triage to understand the scope of services provided by the potentially impacted third party, including identification of Firm systems and applications potentially impacted.
- Initiate outreach to the vendor to confirm whether third party and Firm have been impacted.
- Establish clear communication channels for timely follow-ups, updates and escalation.
- Apply foundational knowledge of attack vectors, techniques, and phases across network, cloud, and OS environments, as deemed required for incident management.
- Coordinate with multiple internal teams throughout the incident lifecycle until closure.
- Ensure alignment on remediation, communication, and reporting requirements.
- Identify cybersecurity, operational, reputational risks related to Firm s third-party and Nth-party relationships.
- Fulfil periodic reporting obligations.
- Maintain comprehensive documentation for audit trail, throughout incident lifecycle as required.
- Identify unique use cases, improvement scope in current process, document lessons learned and recommend process improvements to prevent recurrence.
- Regularly review and update Team Procedures and Runbook as required.
Primary Skills:
- 8+ years of relevant experience in financial industry / technology, either in Incident Management or Third Party Risk Management (including Vendor Risk Assessments) fields.
- Strong understanding of cybersecurity principles, ability to analyze threat intelligence and vendor reports.
- Excellent communication and presentation skills both written and verbal; must be comfortable interacting with all management levels and a global workforce (strong English proficiency is essential).
- Strong data analysis and reporting capabilities.
- Proficiency with Microsoft Office (Excel, Word, PowerPoint); familiarity with Process Unity or ServiceNow is a plus.
- A detailoriented, accurate, tenacious, and deliveryfocused mindset.
- Basic knowledge of attack vectors and phases, and flexibility to work in shifts.
Desired Qualifications
- Industry Certification such as CISA, CISSP, CISM, CRISC an advantage
- Experience with Python development.