IT - Third Party Risk Manager ; Remote

Third Party Risk Manager

Our Vendor Management Office department is currently seeking a Third Party Risk Manager.

To ensure active engagement in meetings,
it is mandatory for all IT associates to have cameras turned on for all interactions with other associates, customers, and stakeholders. Your camera must be on and positioned correctly to clearly show your face. This practice is crucial for maintaining connection and engagement, as non-verbal cues are essential for effective communication.

• Conduct information security risk assessments of vendors and vendor software, based on company standards and risk appetite, leveraging demonstrated working knowledge of industry security practices.
• Make information security risk recommendations on behalf of the company within limits approved by management.
• Review project documentation, system design documents, vendor security policies and other vendor security references to determine the extent, type, and scope of risks of the vendor relationship.
• Provide security-related recommendations and communicate the need for the changes to business, IT, and other stakeholders.
• Coordinate with IT architects, project teams and vendors to bring system designs into alignment with company security standards.
• Follow procedures to establish company records for the risk management process.
• Modify vendor risk procedures and other tools to support continuous improvement of the vendor risk management program.
• Support IT management relative to vendor product ownership responsibility, product license needs, license and support renewal process.
• Follow vendor governance policies and procedures that drive the behaviors of those individuals/organizations.
• Inform IT and business unit stakeholders on vendor management practices.
• Work with business partners and other IT service areas in the requirement gathering process.
• Manage vendor relationships, including negotiation, license/cost analysis, audit support and coordination, product renewals, and performance monitoring.

• Understanding of fundamental aspects of information security (i.e. data classification, inventories, technical/ procedural/ physical control categories).
• Understanding of information security standards and regulations (e.g., ISO 27001/27002, NIST, FFIEC, etc.), and commonly used concepts, practices and procedures within the information security and privacy fields.
• Understanding of the fundamentals of vendor relationship management (i.e. stakeholder management, communication, problem solving and organizational skills, relationship building).
• Bachelor’s degree or technical institute training or any combination of education and experience that would provide an equivalent background.

Your commitment to providing strong service, sharing best practices and creating solutions that impact lives is appreciated. To increase the well-being and satisfaction of our associates, we offer a variety of benefits and amenities. Learn more about our benefits and amenities packages.

Many departments at our Headquarters in Fairfield, Ohio, offer hybrid work options, empowering associates to work from home several days a week. Depending on your role and responsibilities, hybrid options may be available.

As a relationship-based organization, we welcome and value a diverse workforce. We grant equal employment opportunity to all qualified persons without regard to race; creed; color; sex, including sexual orientation; religion; national origin; age; disability; or any other basis prohibited by law. Learn more about the Federal Employment Notices.