Cyber - 3rd Party Risk Analyst

The Crum & Forster Cyber & Information Security team is seeking a Third-Party Security Analyst.  Reporting to the Director of Cyber & Information Security, the analyst will perform third-party security assessments.  You will work with a team of professional Security Analysts leveraging Next-Gen security tools to perform the full lifecycle of third-party reviews from onboarding to real-time monitoring of vendors and suppliers.

Responsibilities, Functions and Duties

§  Conduct technical security assessments of third-party vendors, suppliers and partners by reviewing their security controls, adherence to regulations, compliance and contracts. 

§  Analyze third-party security assessment findings and document security risks within the management software for tracking of risk reporting.

§  Coordinate with various stakeholders to verify and remediate security risk findings.

§  Develop KRIs and KPIs around third-party risk assessments and the remediation of key findings.

§  Develop, Update, and Publish Policies and Standard Operating Procedures for third-party risk management.

§  Continuously monitor for active vulnerabilities and cyber events against our vendors and suppliers

§  Participate in third-party cyber incident response by reaching out to impacted vendors and tracking remediation.   

§  Be an ambassador for Cyber & Information Security within Crum & Forster.

Requirements

§  Previous experience performing technical security audits or third-party assessments

§  Understanding of current Cyber Vulnerabilities & threats.

§  Knowledge of security assessments (SOC reports, ISO/NIST, vulnerability and pen testing assessments).

§  Fundamental understanding of system and network security principles and technology.

§  Ability to interface with a wide audience of technical and non-technical personnel.

§  Ability to prioritize and manage workloads and deadlines.

§  Excellent written and verbal communication skills.

§  Self-starter who is motivated and driven to learn.

§  Bachelor’s degree in a technical discipline or equivalent experience 

Preferred Qualifications

§  Prior experience and/or certifications in AWS, Azure, and/or GCP

§  Experience in performing third-party assessments of SaaS providers and vendors operating in cloud environments. 

§  Experience performing risk assessments

§  Any Security focused Certifications

§  3-5 year Cybersecurity related experience