The Director of Third-Party Cyber Risk Management is responsible for both the strategic development and operational execution of the organization's third-party cyber risk management program. This role ensures that all third-party relationships comply with regulatory requirements, align with corporate cyber policies, and meet the organization's risk management standards. The Director will design and implement the third-party risk management framework while leading a team of professionals to assess, monitor, and mitigate risks associated with vendors, suppliers, and other third parties. Here, you will make an impact by:
Program Development and Management:
- Design and implement a comprehensive third-party cyber risk management program.
- Develop and enforce policies and procedures for assessing and managing third-party risks.
- Continuously improve the program based on evolving threats and regulatory requirements.
Risk Assessment and Mitigation:
- Conduct thorough risk assessments of third-party vendors, including initial due diligence and ongoing monitoring.
- Identify potential vulnerabilities and recommend mitigation strategies.
- Collaborate with third parties to address and remediate identified risks.
Vendor Relationships:
- Build and maintain strong relationships with key third-party vendors and partners.
- Ensure that third-party contracts include appropriate cybersecurity requirements and standards.
- Work with legal and procurement teams to negotiate cybersecurity terms in contracts.
Incident Management:
- Support the response to cyber incidents involving third-party vendors.
Reporting and Communication:
- Provide regular updates to senior management on the status of the third-party cyber risk management program.
- Prepare and present reports on third-party risk assessments and mitigation efforts.
- Communicate effectively with internal teams and third-party vendors regarding cyber risk expectations and requirements.
Regulatory Compliance:
- Ensure that the third-party cyber risk management program complies with relevant regulations and industry standards (e.g., GDPR, CCPA, NIST, ISO 27001).
- Stay current on regulatory changes and update the program as needed.
Your Skills and Expertise:
- Bachelor's degree or higher (completed and verified prior to start) from an accredited institution
- Ten (10) years of experience in cybersecurity in a private, public, government, or military environment
- Five (5) years of management and/or supervisory experience
- CISSP certification
Additional qualifications that could help you succeed even further in this role include:
- Master's degree in a computer engineering, computer systems, or information technology field from an accredited institution
- Minimum of 8-10 years of experience in cybersecurity/risk management, with at least 5 years in a leadership role focused on third-party risk management.
- Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS).
- Additional certifications such as SANS, ISACA (CGEIT, CISA, CISM, CRISC) and other technology certifications.
- Excellent communication, negotiation, and relationship-building skills.
- Ability to work collaboratively with internal teams and external vendors.