TPRM Auditor

3 weeks ago


India VISO TRUST Full time

About the Company: VISO Trust is the only SaaS third party cyber risk management platform that delivers the security intelligence needed for modern companies to make critical risk decisions at the speed of business. Assessing the risk of data breach that third party relationships pose to their customers is a traditionally complex and labor intensive process that slows business, frustrates stakeholders and leaves security teams branded the department of “no.” With VISO’s AI-based system, practitioners can instantly and continually assess any number of third parties while achieving on average a 90% boost in operational efficiency. At VISO, we are excited to be enabling customers to reduce risk and accelerate business at the same time.


VISO Trust is a venture-backed startup with a fully remote workforce based in North America. When hiring, we look for signs that a candidate will thrive in our culture, where we put people first and value ownership, curiosity, honesty and humility in the pursuit of excellence. We also value our differences, employing a team rich in diverse perspectives and experiences. We are dedicated to equal employment opportunities regardless of status or membership in a protected class or lack thereof.


Key Skills

● Strong analytical/critical thinking skills

● Excellent written, verbal communication and organisational skills

● Ability to perform policy and standard gap analysis based on leading security frameworks

● Knowledge of common control and policy taxonomies and hierarchies and related language

● Knowledge of common third party assurance related documents, their structure and analysis, such as AICPA SOC reports, PCI DSS ROC, HITRUST, ISO 27001 Statements of Applicability, etc.


Responsibilities

● Apply Company methodology to evaluate control presence and determine risk

● Document assessment procedures for subsequent automation

● Review business and technical assessments, questionnaires and related documentation

● Schedule and conduct review calls with third parties: ensure and track questionnaires sent to third parties, track and report on abandoned third parties, receive and review questionnaire responses and finalize reports

● Coordinate other due diligence that needs to be done in addition to the security questionnaire when needed

● Collaborate with the Company Audit, Product, Engineering and Machine Learning personnel to develop continued program process and platform improvements

● Report on assessment outcomes, risk levels, and remediation progress


Requirements

● Bachelor’s degree with a major in Information Security or equivalent combination of education and experience, i.e. CISSP, CISA, CIPP, CRISC, CEH, and/or CISM

● 4-6 years of experience with third party cyber risk management

● Have performed IT risk assessments against OWASP, PCI, GLBA, NIST, ISO, SIG/AUP or other standards

● Strong knowledge base in information security, risk management, privacy, operations, enterprise networking, systems evaluation, and architecture

● Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact

● Knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc.

● Self-starter who can function independently with limited direction but work closely with others when necessary


Submit your resume below to apply for this position or share at Prerna.malhotra@visotrust.com

