Cyber Due Diligence Analyst
USA VA (Virtual Office), United States
Full Time Mid-level / Intermediate Clearance required USD 86K - 151K
Parsons Corporation
Parsons is a digitally enabled solutions provider and a leader in many diversified markets with a focus on national security, defense, and global infrastructure.
Job Description:
Parsons is looking for an amazingly talented Senior Cyber Due Diligence Analyst to join our team! In this role you will lead cybersecurity third-party risk assessments and support continuous improvement of the end-to-end third-party risk management process to ensure third parties (data providers and vendors) meet our security needs, including pre- and post-contractual assessments to identify and manage any risks and ensure security on Day 1.
What You'll Be Doing:
- Report to the Operational lead and will play a pivotal role in the vetting and due diligence of data providers and supporting the operational platform’s overall cybersecurity and risk posture
- Conduct thorough security assessments of third-party vendors, suppliers, and partners to evaluate their compliance with established security policies, regulations, contracts, and industry best practices
- Analyze and interpret third-party security assessment findings and provide recommendations and remediation plans to mitigate identified risks
- Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions are taken
- Maintain a comprehensive understanding of the organization's third-party risk management framework and standards
- Ensure assessments are in accordance with known industry frameworks (i.e., ISO, SCF, NIST, GLI-33)
- Collaborate with cross-functional teams, including Strategic Sourcing / Procurement, Legal & Compliance, IT, Cybersecurity, and business units to gather necessary information and ensure compliance with risk management processes
- Stay updated with emerging trends, regulatory changes, and industry standards related to third-party risk management, and incorporate them into risk assessment processes and practices
- Prepare reports, summaries, and metrics on third-party security assessments to Operational Lead, Program Manager or the Government Lead, highlighting key findings and recommendations
- Assist in the development and enhancement of third-party due diligence policies, procedures, and frameworks to continually improve the effectiveness and efficiency of risk assessment processes
- Support the development of training and guidance to internal teams on third-party risk management best practices and procedures
- Help foster a culture of risk awareness
What Required Skills You'll Bring:
- Bachelor’s degree preferred in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience.
- 5+ years of experience in risk management required. Cross-functional experience in IT or information security governance, risk management and compliance (GRC), with a focus on third-party risk management and vendor management preferred.
- Experience executing and managing cybersecurity assessments in a heavily regulated industry, preferably Financial Services.
- Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as ISO 27001, NIST CSF, NIST SP 800-53, GDPR, GLI-33, and other industry-specific regulations.
- Familiarity with risk assessment methodologies, frameworks, best practices, and the full breadth of cybersecurity domains, particularly as they pertain to third-party risk management.
- Expertise in evaluating vendor posture by analyzing SOC 2 reports and other attestations.
- Experience conducting risk assessments of third-party vendors, suppliers, or partners, including evaluating their compliance with policies, procedures, and regulatory requirements.
- Good analytical skills to identify and assess potential risks associated with third-party relationships, such as data security, operational vulnerabilities, and regulatory compliance.
- Detail-oriented mindset with the ability to analyze and interpret risk assessment findings and provide recommendations and remediation plans to mitigate identified risks, all while communicating with external stakeholders.
- Ability to prepare clear and concise reports, summaries, and documentation related to risk assessments.
- Ability to cultivate relationships with cross-functional teams to promote collaboration and cohesiveness.
- Familiarity with risk management software or tools used for tracking and managing third-party risks will be an advantage.
- Proactive and collaborative attitude with the ability to stay updated on emerging trends, regulatory changes, and industry standards related to third-party risk management.
- Must have a current and active Top Secret clearance.
Security Clearance Requirement:
An active Top Secret security clearance is required for this position.
This position is part of our Federal Solutions team. The Federal Solutions segment delivers resources to our US government customers that ensure the success of missions around the globe. Our intelligent employees drive the state of the art as they provide services and solutions in the areas of defense, security, intelligence, infrastructure, and environmental. We promote a culture of excellence and close-knit teams that take pride in delivering, protecting, and sustaining our nation's most critical assets, from Earth to cyberspace. Throughout the company, our people are anticipating what's next to deliver the solutions our customers need now.
Salary Range: $86,700.00 - $151,700.00
We value our employees and want our employees to take care of their overall wellbeing, which is why we offer best-in-class benefits such as medical, dental, vision, paid time off, Employee Stock Ownership Plan (ESOP), 401(k), life insurance, flexible work schedules, and holidays to fit your busy lifestyle!
This position will be posted for a minimum of 3 days and will continue to be posted for an average of 30 days until a qualified applicant is selected or the position has been cancelled.
Parsons is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status or any other protected status.
We truly invest and care about our employees' wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest: APPLY TODAY!
Parsons is aware of fraudulent recruitment practices. To learn more about recruitment fraud and how to report it, please refer to https://www.parsons.com/fraudulent-recruitment/.
Tags: Clearance Compliance GDPR Governance ISO 27001 NIST NIST 800-53 Risk assessment Risk management RMF Security assessment Security Clearance SOC SOC 2 Top Secret Top Secret Clearance Vendor management Vulnerabilities
Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Health care Insurance