Senior Cyber Risk Management Engineer - Third Party Risk

The Senior Cyber Risk Management Engineer will be an integral part of the Third Party Risk Management (TPRM) team. TPRM is responsible for conducting security risk assessments of third party service providers, documenting, and reporting assessment results, and tracking risk remediation until closure.  This role requires the evaluation of complex enterprise-scale information security problems in the context of regulations, standards, contractual, and business requirements. The Senior Cyber Risk Management Engineer will also provide advisory services to internal customers, stakeholders, and partners.

• Performs risk-based security reviews of Delta Dental’s third party service providers
• Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contribute to the development and maintenance of information security strategy and architecture.
• Assesses the effectiveness of cybersecurity capabilities, both internal to the organization and at third parties, provide guidance on effectively managing the risk of ineffective capabilities, and influence decision making by educating business stakeholders on the risk.
• Develops processes and documentation templates, and implements tooling to enable security risk assessment service delivery.
• Partners with senior management and coordinating with procurement risk teams to assess Third Party products/services during on-boarding processes.
• Executes and manages cyber risk activities including on-going cyber assurance process and oversight of Third-Party relationships to ensure continued compliance with TPRM requirements.
• Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the solution and identifying options and recommendations for mitigating those risks.
• Communicates and interacts effectively and professionally with co-workers, management, internal and external customers and partners. 
• Communicates cybersecurity risks and solutions to various technical and non-technical audiences and levels of management. 
• Maintains communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Continuously tracks and reports the status of all development efforts.
• Develops strong working relationships with and offer continuous assistance and thought leadership to other contributors in the information technology organization.
• Establishes and maintains relationships with suppliers and business partners in the information security industry.
• Educates, coaches, and mentors junior members of the team on technical, interpersonal, and team dynamics, company policy & procedures, and other topics.
• Maintains knowledge, ensures competency and compliance with policies and procedures to be the technical expert while collaborating with cross-functional teams.
   

• Required: CISSP certification
• Experience in security risk assessment, compliance, or IT audit 
• Knowledge and understanding of security controls across all security domains including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, and others. 
• Familiarity with SOC I (SSAE16) and SOC II, ISO 27001, HITRUST, NIST, etc.
• Knowledge of security principles, issues, techniques and implications across all existing computer platforms.
• Excellent written and verbal communication skills and team player.
• Preferred any of these certifications in one or more areas such as, GIAC, CISA, CRISC, or CICA.
• Knowledge of SQL and GRC tools is a plus.
• Bachelor's Degree and/or advanced degree with a concentration in one of the followings: Computer Science, Management Information Systems, or Cyber Security
• Nice to have broad exposure to infrastructure/network and multi-platform environments, IT and security architecture development.
  .

Base Pay Information 

The national base pay range at the end is a good-faith estimate of what Delta Dental may pay for new hires. Actual pay may vary based on Delta Dental’s assessment of the candidate’s knowledge, skills, abilities (KSAs), related experience, education, certifications and ability to meet required minimum job qualifications. Other factors impacting pay include prevailing wages in the work location and internal equity. $106,400 - $230,600

Behind the smile! We are dedicated to safeguarding the health and financial stability of our employees and their loved ones. This commitment extends beyond the workplace to foster personal growth and holistic wellbeing. Our life-changing rewards package includes:

• Competitive base and incentive pay 
• 401(k) with robust matching and non-matching contributions
• Rich medical & pharmacy benefits
• 100% employer-paid dental and vision benefits
• Holistic wellbeing program with deep financial incentives
• Generous paid time off plus 12 paid holidays and your birthday off
• Culture of growth and learning: career development; tuition reimbursement; recognition program
• Family support: adoption assistance, fertility treatment, child, elder & pet care assistance
• Social responsibility and volunteer opportunities
• Employee discount program

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
#LI-Remote