Information Security Third Party Risk Management (TPRM) Lead

CDI

Montreal - Engineering & Development IT Banque & Finance

A propos de Talan

Talan Canada is growing and looking to strengthen its team with an Information Security Third Party Risk Management (TPRM) Lead for the Montreal office, who will be interested in working with clients from multiple industries.

For more 20 years, Talan has been advising companies, supporting them and implementing their transformation projects in France and internationally. Present on four continents, Talan aims to achieve a turnover of 350 million euros for 4,000 consultants in 2021. The group puts innovation at the heart of its development and intervenes in areas linked to technological changes such as Big Data, IoT, Blockchain and Artificial Intelligence.

Strategies and delivery of action plans ensuring conformity with third party risk management compliance (e.g. regulator, auditor, policy, etc.) requires and industry best practices
Development of strong partnerships with business and support line stakeholders for collaboration on defining strategy, effective execution of vendor security assessments and proactive adoption of information security behaviors
Assembly, monitoring, and reporting on vendor security metrics to ensure transparency, compliance, and steering of the perimeter
Key operational controls:
- - Evaluate vendor compliance with Société Générale cloud security standards
  - Perform Information Security risk assessments for new vendors and critical vendors
  - Interpret, identify, and mitigate critical risks factors in a timely matter
  - Maintain and monitor due diligence tasks for third-party vendors
  - Review vendor due diligence materials (i.e., SSAE 18 reports), identify potential issues, and follow up for unresolved issues
  - Track measure, report, and evaluate vendor performance
  - Perform information risk assessments for new vendors and critical vendors
  - Interpret, identify, and mitigate critical risks factors in a timely manner
  - Assist Department Heads and Managers with vendor selection process through information security risk review, completion of due diligence tasks and risk assessments
  - Troubleshoot vendor problems and present to management as required
  - Provide status reports to senior management, auditors, and regulators
  - Research on industry/regulatory and cyber security issues
  - Up to date and continuing education of compliance related issues and value-added training
  - Perform ad hoc analyses and participate in special projects as needed by management

8+ years’ demonstrable experience in Information Security Vendor Risk Management experience
Proficient with and at least one GRC tool (highly recommended)
Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) preferred
Requires strong analytical skills, problem solving skills, and project/program management skills
Solid training in computer disciplines such as application and data security, cloud security, computer technology or software disciplines
Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s
Ability to commit to deliver tasks in a timely and effective manner
Ability to work in a team environment
Ability to take responsibility for all actions performed on an individual basis
Proven ability to manage issues through to resolution
Solid understanding of the banking industry’s regulatory requirements for the managing of third parties (e.g., FFIEC)
Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management
Hands-on knowledge of Information Security
Proven track record of participating in Vendor Risk Management Programs
Prior experience interfacing with external counterparties
Excellent written and verbal communication skills
Proven ability to manage issues through to resolution skilled at making sound decision-making calls
Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times
Excellent communication skills

Education

Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required
Certified training in security management, risk and compliance solutions and practices
CISSP, CCSP, CCSK, CISA, CISM, GSEC, CRISC, or related certification(s) required

Postuler

Informations supplémentaires

Experience :

Senior

We are mainly looking for employees recruited into permanent positions at Talanbut we are open to working with freelancers. You must be in Montreal or be willing to relocated rapidly.Joining Talan also means:Join an international group (10 countries4000 employees) of IT Consulting Servicecommitted to the digital transformation of its customers for more than 15 yearsJoin a Canadian companycreated in 1997with more than 100 consultantsworking in an agile and pragmatic way with large companies (FinanceInsuranceTelecommunicationsServicesDistributionPublic sector) by combining consulting services / technological expertise / innovation / ability to deliver and deploy projectsJoin dynamic teamswhere the role of the employee is at the center of attentionwith the desire to create spaces allowing everyone to flourishHave the opportunity to access the different communities to contribute to development and to innovateall with a strong team spirit and entrepreneurshipTalan is a great playgroundit's up to you!

Information Security Third Party Risk Management (TPRM) Lead

A propos de Talan

Informations supplémentaires

Experience :

À propos

Métiers

Technologies

Secteurs

Actualités

Carrières

Information Security Third Party Risk Management (TPRM) Lead

A propos de Talan

Informations supplémentaires

Experience :

Partager cette offre d'emploi avec :

À propos

Métiers

Technologies

Secteurs

Actualités

Carrières