Security Analyst: Cyber Third-Party Risk Management

Mississauga, Canada

Element Fleet Management

Element is a global fleet management company offering intelligent mobility solutions, optimizing costs for cars, light vehicles, trucks, and MHE.

Get started on an exciting career at Element!

Element employees make a difference in the lives of others every day. We are re-defining the fleet management industry to be people first, then business – delivering on our promise of a superior client experience. This takes hard work and innovation, and we need more like-minded people on our team.

What We Need  

We are looking for a Security Analyst: Cyber Third-Party Risk Management to join Element Fleet Management. As the largest pure-play fleet manager in the world, we provide unmatched products, services and solutions to our clients.

At Element, employees play a critical role in delivering value to customers and ensuring an exceptional client experience. We are committed to the success of our clients, employees, and investors by fostering a culture where every employee can make a difference!  

Are You:  

  • An individual with a strong security background in cybersecurity, risk management, and vendor assessment?
  • Someone who is detail oriented and analytical?

As the Security Analyst: Cyber Third-Party Risk Management you will assess and manage the cybersecurity risks associated with our third-party vendors and partners. You will be the primary interface for collaboration with Element’s strategic sourcing and procurement team, assessing emerging supplier security posture and risk. The ideal candidate will have experience in the real-time monitoring of suppliers using ratings tooling and can highlight trends and emerging risk from the existing supplier base.     

A Day in the Life 

Vendor Risk Assessment and Due Diligence

  • Conduct comprehensive security assessments and due diligence reviews of third-party vendors and suppliers
  • Evaluate and compare vendors’ security controls, policies, and procedures to ensure compliance with Element’s information security policies and standards
  • Identify potential risks and vulnerabilities in vendors’ security practices, and work with internal stakeholders to develop resolution plans

Cyber Third Party Risk Management

  • Develop and maintain the real-time vendor security risk monitoring platform, ensuring vendor inventory is accurate and reflective of vendor materiality to the organization
  • Monitor and track the remediation of identified gaps and security issues with vendors (through the relationship manager)
  • Implement an escalation methodology to ensure material changes in vendor security posture are communicated to respective stakeholders through the incident response process  

Collaboration and Communication

  • Work closely with internal stakeholders to understand third-party relationships and their impact on the organization and business lines
  • Communicate risk findings and recommendations to vendors and internal teams with the goal of improving security posture and resiliency
  • Collaborate with strategic sourcing and procurement units to integrate cyber methodologies and automation into the vendor procurement/contract lifecycle    

Reporting and Documentation

  • Prepare and maintain detailed reports on third party risk assessments and findings
  • Maintain comprehensive documentation of assessment processes, findings and remediation efforts
  • Present risk assessment results to senior management and other stakeholders  
  • Provide Key Risk Indicator, Early Warning Indicator and Key Performance Indicator reporting in support of Information Security metric reporting

Continuous Improvement

  • Identify opportunities to streamline and automate the vendor information security due diligence process
  • Partner with stakeholders to identify cyber security risk early in the vendor contract lifecycle/initial due diligence phase
  • Identify potential for SBOM and AI automation within the cyber TPRM program

Qualifications 

  • Bachelor’s degree or equivalent in the fields of Information Security, Computer Science, Advanced mathematics or a related field preferred
  • 3+ years of experience in cybersecurity, risk management or vendor assessment
  • Strong knowledge of information security frameworks, standards and best practices (e.g. ISO 27001, NIST, COSO, COBIT, MITRE, etc.)
  • Certifications in the information security field (CISSP, CISA, CISM, CEH) and a demonstration of continuous learning preferred
  • Experience in vulnerability management, security operations, security engineering highly preferred
  • Knowledge of third-party cyber contracts and clauses (commercial law) highly desired
  • Excellent leadership, communications and interpersonal skills

Knowledge & Competencies 

  • Ability to analyze data (from reviews and systems) to make informed decisions regarding third party risks
  • Proficiency in evaluating the potential impact of third-party risks on the organization’s security posture
  • Effectively communicate the rationale and implications of risk-based decisions to both technical and non-technical stakeholders to drive consensus
  • Understand the broader business context and align risk management decisions with organizational goals
  • Navigate complex situations involving multiple variables and stakeholders, using independent judgement and critical thinking to assess risks and determine appropriate responses
  • Navigate the complexity of an emerging cyber third-party risk management program through an objective and consistent methodology
  • Provide expert guidance and support to vendors and internal teams to enhance their security practices
  • Inspire confidence in stakeholders through demonstrated expertise and professionalism, influencing them to adopt recommended security remediation
  • Foster a collaborative environment, working effectively with cross-functional teams to address third party risk
  • Approach problems with a creative and analytical mindset, developing innovative solutions to address third party risks
  • Adapt to the changing vendor landscape and its potential risks and vulnerabilities, implementing preventative measures to mitigate risks before they impact the organization

The hiring base salary range for this position is $111,100 - $152,800 annually. Actual compensation within this range will be dependent upon the individual’s knowledge, skills, experience, equity with other team members, and alignment with market data. 

What’s in it for You
•  A culture of innovation, empowerment, decision-making, and accountability
•  Comprehensive health and welfare benefits that serve the needs of you and your family and foster a culture of wellness (for qualified roles)
•  Additional benefits and amenities, including paid time-off programs (vacation, sick leave, and holidays) (for qualified roles)

Applicants will be required to undergo a background check only if and after a conditional offer of employment has been extended.

Element Fleet Management and its wholly owned subsidiaries are an equal opportunity employer committed to diversity, equity, inclusion, and belonging. We are pleased to consider all qualified applicants for employment without regard to race, color, religion, gender identity, age, sex, sexual orientation, disability, national origin, Aboriginal/Native American status, protected veterans’ status or any other legally-protected factors. Disability-related accommodations during the application and interview process are available upon request. Should you require an accommodation with our hiring process please send an email to talentacquisition@elementcorp.com or call (800) 665-9744.


Tags: Automation CEH CISA CISM CISSP COBIT Compliance Computer Science Incident response ISO 27001 Mathematics Monitoring NIST Risk assessment Risk management SBOM Security assessment Vulnerabilities Vulnerability management

Perks/benefits: Career development Equity / stock options Health care Wellness

Region: North America
Country: Canada
