Cybersecurity Third-party Risk Assessor

As the world around us becomes more connected and digital, cybersecurity attacks increase opportunities for fraud and disruption. In this constantly changing landscape, the need for companies, products, and services to be secure is more important than ever.

Are you passionate about keeping good people safe from bad actors? We are, too We are HP Cybersecurity, and we are tasked with the security of the HP enterprise. As HP continues our digital transformation, the work of the cybersecurity professional is never complete and is always interesting. Come be a part of making a difference with us

The HP Cybersecurity Risk Assessor is responsible for end-to-end cyber security risk management, including risk identification, analysis, and evaluation, identifying remediation requirements, and supporting remediation efforts. Defined risk assessment processes and risk management methodologies are utilized to meet these objectives.

This role also contributes to and/or leads continuous process improvements to enhance HP’s cyber security GRC capabilities.

The Cybersecurity Risk Assessor controls data flows, identifies relevant cybersecurity-related information to understand trends, and reflects them in reporting tools that enable cybersecurity data-driven decisions, plans, and actions to keep HP secure. Also collaborates across teams to assess, consult, and implement data & automation solutions.

**What a Cybersecurity Risk Analyst/ Assessor does at HP**:

- Scopes manages and performs cyber security risk and/or compliance assessments.
- Maintains the risk register for all assessed assets utilizing eGRC/IRM solution.
- Provides risk mitigation/remediation guidance to stakeholders.
- Supports internal and external audits as needed.
- Contributes to and/or leads the continuous improvement and maturation of GRC practices.
- Monitors industry cybersecurity threats, Cybersecurity best practices, regulatory changes, corporate updates, and geo-political changes impacting HP’s security.

**Individuals who thrive in this role at HP typically have**:

- Bachelor’s degree (preferably in computer science, engineering or related area of study, or equivalent experience).
- Typically, 6+ years of relevant experience, including conducting risk and compliance assessments.
- Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ICS)2, CompTIA, Cisco, CERT.
- Solid working knowledge of industry frameworks and standards, including ISO27001/27002/27005, NIST CSF, NIST 800-53, SOC2, PCI-DSS, and SIG.
- Knowledge of standard GRC processes, including risk management, exception to policy, policy management, controls management/mapping, and auditing.
- Results-driven, strong analytical skills, ability to connect the dots to make better decisions.
- Able to deal well with ambiguity, balancing risk with potential delays.
- Fluent in Oral and written communications.
- Able to work effectively in a team and with various stakeholders at various organizational levels.
- Excellent responsiveness, organizational, and time management skills.
- Proactive in seeking problem resolution.

**About the team**:
The Cybersecurity Governance, Risk Management and Compliance team is a key pillar of the Cybersecurity organization responsible for protecting the HP Enterprise against cyber threats. The GRC team is a diverse group of cyber security professionals who collaborate with all disciplines within Cybersecurity as well as business and functional stakeholders as trusted advisors to effectively manage cyber security risks to the business.

**About HP**:
You’re out to reimagine and reinvent what’s possible—your career and the world around you. So are we. We love taking on tough challenges, disrupting the status quo, and creating what’s next. We’re in search of talented people who are inspired by big challenges, driven to learn and grow, and dedicated to making a meaningful difference.

We are 60,000+ HP employees, united in creating technology that makes life better for everyone, everywhere. Interested in joining us? Let’s talk.

**Knowledge & Skills**
- Cybersecurity operations
- Cybersecurity governance
- Third-Party Risk Assessments
- Knowledge of risk assessment frameworks
- Risk analysis.
- Issue tracking.
- Security controls
- Operating systems

**Cross-Org Skills**
- Effective Communication
- Strong relationship management skills
- Analytical Mindset
- Results Orientation
- Learning Agility
- Customer Centricity
- Multitasking

**Impact & Scope**
Impacts function and leads and/or provides expertise to functional project teams and may participate in cross-functional initiatives.

**Complexity**
Works on complex problems where analysis of situations or data requires an in-depth evaluation of multiple factors.