Senior Third-Party Cyber Risk Analyst
Durham, NC, United States
Pearson
Role: Senior Third-Party Cyber Risk Analyst
Company: Pearson
Location: US (Durham, NC, United States)
About Pearson:
Our purpose: At Pearson we ‘add life to a lifetime of learning’ so everyone can realise the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. Pearson was founded in 1844 and has been built on our ability to grow with and adapt to a constantly evolving market. Our 20,000+ employees are dedicated to creating high-quality, digital-first, accessible and sustainable resources for lifelong learning.
About Pearson’s Chief Information Security Office
Pearson’s Chief Information Security Office (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program for protecting the confidentiality, integrity and availability of information assets and technologies from threats and vulnerabilities. We are composed of 4 key pillars: Security Operations, Security Engineering and Architecture, Posture Management, and Governance, Risk and Compliance.
About the Job:
You will be a key member of CISO’s Governance, Risk and Compliance pillar and must form strong partnerships with all CISO pillars and key stakeholders across Pearson Digital and Technology and the Business Divisions. You will contribute to the innovation and transformation of Pearson’s Security Risk programme, with a focus on third-party vendor and supply chain risk; contributing to the development and implementation of a robust risk management programme, conducting rigorous due diligence on third party practices and continuous monitoring.
You will be responsible for, but not limited to, the following:
- Responsible for conducting timely security assessments of third-party suppliers, recording results accurately and initiating appropriate assurance responses.
- Support the production of high quality, informative and accurate reports in respect of third-party assurance assessments.
- Provide advice and guidance to stakeholders on Information/Cyber Security Minimum Requirements for assessments with vendors.
- Collaborate with procurement, legal, and other stakeholders to ensure vendor contracts and agreements include appropriate security and compliance requirements.
- Participate in and contribute to the collection of KRIs and Management Information reporting on third-party cyber risks and assessments.
- Assist and support management with internal reporting, including steering committees and updates for senior management.
- Support internal stakeholders with third party related information security projects.
- Support wider cyber risk function on third party/vendor related risk assessments.
- Help the global team with the development and enhancement of the programme, progressing currently identified and future improvements to make the function more effective and efficient.
- Provide support to management and engage with the wider information Security function.
- Develop subject matter expertise on third party security requirements that impact Pearson.
- Stay up to date with the latest cyber threats, attack vectors, and industry best practices for third party risk management.
Key Skills & Experience:
Experience within the Cyber Security field, with a focus on Governance, Risk, Compliance and Assurance.
Relevant professional cyber security qualifications (e.g., CISSP, CISM, CRISC, CCSP, ISO 27001 LA/LI).
Demonstrable expertise working with common information security management frameworks, such as ISO/IEC 27001/2, NIST 800-53, NIST CSF, CIS Top 20, CIS benchmarks.
Demonstrable experience translating data privacy legal and regulatory requirements (such as GDPR, CCPA, HIPAA) into information security language.
Excellent verbal and written communication skills, with experience communicating with a wide range of audiences including technologists, executives, and business stakeholders.
Demonstrable experience within the design, implementation, and management of systems and/or assurance frameworks.
Highly analytical and a critical thinker, with strong problem-solving skills.
High degree of initiative, dependability and thought leadership.
Desirable Skills & Experience:
- Degree in information security or a related subject, such as Information Technology.
- Experience in conducting internal audits against recognized standards and frameworks (ISO 27001, ISO 22301, etc.).
- Experience working in a similar sized organization or in a consulting practice.
- Knowledge of relevant legal and regulatory requirements, specifically US, UK, and EU.
- Experience governing Payment Card Industry Data Security Standards (PCI DSS) compliance within eCommerce is a bonus.
Pearson’s Benefits:
25 Days annual leave (increasing by 1 day with every year of continuous service up to 30 days); annual leave trading, +/- 5 days.
Annual Bonus
Private Pension plan scheme where we pay in double what you contribute, up to 16% depending on your age.
Life, private medical and dental care insurance options, plus free eye tests
Stock/share purchase options
Maternity, paternity, and family care leave as well as flexible working policies.
An employee wellbeing assistance programme
Cycle to work program, volunteering days, gym membership concessions in selected office locations, along with retail and leisure discounts.
We actively encourage our staff to participate in at least 40 hours of training a year and offer relevant AWS (Amazon Web Service) training and certification as part of this role.
Flexible working: Pearson is committed to hybrid working practices and has adopted flexible remote and virtual working. Where possible, our employees can choose to manage their attendance at the office more flexibly. We work a 37.5-hour week, with all our team free to flex their day around our core hours, which are Monday to Friday, 10 to 4 GMT/BST. School runs, etc. can be accommodated.
Diversity: At Pearson we value the power of an inclusive culture and a strong sense of belonging. We promote a culture where differences are embraced as strengths and opportunities are equal and accessible.
How to apply: Thank you for your interest in applying for a role at Pearson. Please submit an updated CV and cover letter (optional) in English. If you have any additional questions or require further information, please do not hesitate to reach out to us.
We look forward to receiving your application - Pearson Recruitment