TPRM Auditor
About the Company:
VISO TRUST is the only SaaS third party cyber risk management platform that delivers the security intelligence needed for modern companies to make critical risk decisions at the speed of business. Assessing the data breach risk that third party relationships pose to their customers is a traditionally complex and labor intensive process that slows business, frustrates stakeholders and leaves security teams branded the department of “no.” With VISO’s AI-based system, practitioners can instantly and continually assess any number of third parties while achieving on average a 90% boost in operational efficiency. At VISO, we are excited to be enabling customers to reduce risk and accelerate business at the same time.
VISO TRUST is a venture-backed startup with a fully remote workforce based in North America. When hiring, we look for signs that a candidate will thrive in our culture, where we put people first and value ownership, curiosity, honesty and humility in the pursuit of excellence. We also value our differences, employing a team rich in diverse perspectives and experiences. We are dedicated to equal employment opportunities regardless of status or membership in a protected class or lack thereof.
About the Job
As a Third Party Risk Auditor at VISO TRUST, you will be responsible for analyzing security documents, conducting third-party risk assessments, and ensuring the accuracy of our AI-driven platform’s automated due diligence. You’ll collaborate with Product, Engineering, and Machine Learning teams to improve risk assessments and enhance platform efficiency. This role is ideal for someone with strong analytical skills and experience in cybersecurity frameworks, excited to work with AI to streamline third-party risk management.
Key Responsibilities
- Analyzing security program related language and documents, recording text annotations for the training of machine learning models and ensuring quality assurance on the conclusions drawn by automated assessments
- Conducting domestic and global third party risk assessments including coordinating intake of new third parties and new engagements, third party security reviews, interacting with internal and external stakeholders, reporting on assessment outcomes and tracking remediation efforts
- Working closely with Product, Engineering, Customer Success and Machine Learning teams to contribute to automation logic and model training and ensure the success of reviews performed on the platform
- Apply VISO TRUST methodology to evaluate control presence and determine risk
- Document assessment procedures for subsequent automation
- Review business and technical assessments, questionnaires and related documentation
- Schedule and conduct review calls with third parties: ensure and track questionnaires sent to third parties, track and report on abandoned third parties, receive and review questionnaires responses and finalize reports
- Coordinate other due diligence that needs to be done in addition to security questionnaire when needed
- Collaborate with VISO Audit, Product, Engineering and Machine Learning personnel to develop continued program process and platform improvements
- Report on assessment outcomes, risk levels, and remediation progress
Key Skills, Qualifications & Experience
- Strong analytical/critical thinking skills
- Excellent written, verbal communication and organizational skills
- Ability to perform policy and standard gap analyses based on leading security frameworks
- Knowledge of common control and policy taxonomies and hierarchies and related language
- Knowledge of common third party assurance related documents, their structure and analysis, such as AICPA SOC reports, PCI DSS ROC, HITRUST, ISO 27001 Statements of Applicability, etc.
- Deep knowledge and experience with regard to the VISO TRUST technology platform and its unique approach to text extraction and automated risk determination
- Bachelor’s degree with a major in Information Security or equivalent combination of education and experience, i.e. CISSP, CISA, CIPP, CRISC, CEH, and/or CISM
- 1-4 years of experience with third party cyber risk management
- Have performed IT risk assessments against OWASP, PCI, GLBA, NIST, ISO, SIG/AUP or other standards
- Strong knowledge base in information security, risk management, privacy, operations, enterprise networking, systems evaluation, and architecture
- Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact
- Knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc.
- Self-starter who can function independently with limited direction but work closely with others when necessary