First Quality

Third Party Risk Management Analyst

First Quality South Carolina, United States
No longer accepting applications

Adam Rubenstein

Cyber Security Recruiter

First Quality was founded in 1989 and, in nearly three decades, has grown to be a global privately held company with over 4,000 employees. Its corporate offices are located in Great Neck, New York, with manufacturing facilities and offices in Pennsylvania, South Carolina, Georgia, and Canada. First Quality is a diversified family of companies manufacturing consumer products ranging from Absorbent Hygiene (adult incontinence, feminine care, and baby care), Tissue (bath and towel), and Industrial (print and packaging materials), serving institutional and retail markets throughout the world. First Quality focuses on private label and branded product lines.


Our core business philosophy is built on a proud culture driven by safety and quality, respect, humility, integrity, customer focus, and teamwork. With leading edge manufacturing technologies and processes and visionary leadership, First Quality is positioned to continue significant growth in the coming years.


Information Security Third Party Risk Management Analyst


This position is responsible for managing the daily operations of the Information Security Third Party Risk Management (TPRM) program within the Information Security Governance, Risk and Compliance (IS GRC) team. This position has several principal responsibilities as outlined below. This position reports to the Manager of Information Security GRC.


ESSENTIAL DUTIES AND RESPONSIBILITIES


The Information Security Third Party Risk Management Program Analyst will be tasked with running the day-to-day third-party assessments by working alongside the Third Party Risk Lead and Manager of Information Security GRC. The Analyst will be responsible for the day-to-day vetting operations of the Third-Party Risk Management Program which includes risk assessments for vendor applications, software, systems, contractors and consultants. This role will be responsible for ensuring sound security practices are built in throughout the third parties' lifecycle.


Activities include:

  • Directly responsible for performing security due diligence risk assessments on new and existing third parties against First Quality policies as well as leading industry practices
  • Identify third party risks, appropriate risk levels, and recommend remediation or mitigation strategies to the business
  • Present issues to the business and 3rd parties and obtain corrective action plans
  • Track and follow up on corrective action plans and review evidence for closure
  • Work with business and project teams to ensure security controls are built into IT functional specifications using leading industry practices
  • Review documentation associated with third party risk assessments to identify non-conformances
  • Establish and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Third-Party Risk Management Program and initiatives
  • Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure and risk
  • Perform maintenance and configuration changes, as necessary, in the Third-Party Risk Management platform
  • Update procedure documentation to incorporate process changes
  • Drive relevant stakeholder participation in evaluation of risk and control effectiveness
  • Maintain expertise on security trends through training, research, and development to mitigate potential security exposures
  • Liaise with key functional teams such as HR, IT, OT, Digital Strategy, Finance, Enterprise Risk, Quality, Office of General Counsel and relevant business stakeholders to perform third party security reviews on their new and existing vendors and identify risks that require remediation


Requirements:

  • Occasional travel: Up to 15%


QUALIFICATIONS:

  • 5 years’ experience working directly in an Information Security, Information Technology or Operational Technology department with involvement in the Third-Party Risk Management Program
  • Experience working with any Third-Party Risk Management platform is preferred
  • Experience securing or assessing SCADA/OT systems and vendor solutions is a plus
  • Working knowledge of security technologies and controls in the following areas: Operational Technology/SCADA systems, cloud computing, mobile device management, identity and access management, emerging technologies
  • Working knowledge of the following types of assessment reports: Standard Information Gathering (SIG), SOC 1 and 2 reports, CAIQ
  • Working knowledge of the following frameworks and regulations: ISO 27001/2, NIST 800-53, NIST CSF, Standard of Good Practice, HIPAA, HITRUST
  • Bachelor's degree in management information systems, computer science, cyber security or equivalent
  • Ability to work independently and under the guidance of a direct supervisor
  • Ability to prioritize and multitask; a work approach that supports flexibility and adaptability is paramount
  • Excellent written and oral communications skills; ability to lead discussions, present ideas to audiences of all sizes, and interact with all levels of the organization
  • Ability to communicate security technical risks to non-technical business stakeholders
  • Proficiency with the Microsoft Office suite
  • Professional security management certification: CompTIA Security+, CISSP, CISA, or equivalent or working towards certification is preferred




Base pay is only part of our total compensation package, which also includes an attractive annual discretionary bonus and a robust suite of employee benefits in which you are eligible to participate starting on your first day of employment.

Base pay offered will be determined on an individualized basis and we will consider your location, experience, and other job-related factors.

First Quality is committed to protecting information under the care of First Quality Enterprises commensurate with leading industry standards and applicable regulations. As such, First Quality provides at least annual training regarding data privacy and security to employees who, as a result of their role specifications, may come into contact with sensitive data.

First Quality is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, sexual orientation, gender identification, or protected Veteran status.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Manufacturing
