- Evaluate third-party vendors and service providers to identify and mitigate potential organizational risks, ensuring compliance with regulatory requirements and internal policies.
- Work collaboratively with internal stakeholders, including the privacy team, procurement, and business owners, to manage third-party risks effectively, ensuring the secure integration of services and data management.
- Facilitate the completion and evaluation of third-party risk management forms by vendors, ensuring comprehensive risk analysis before proceeding with partnerships.
- Participate in and improve the Security Awareness Program, including Phishing campaigns, to educate users on security best practices, contributing to a culture of heightened security awareness and reduced risk of social engineering attacks.
- Proactively conduct risk assessments to identify potential vulnerabilities and compliance gaps with third-party vendors, focusing on data privacy, security controls, and contractual obligations to safeguard organizational assets.
- Recommend and implement risk mitigation plans for identified vulnerabilities, ensuring that all third-party services align with the company's security standards and compliance requirements.
- Monitor and enforce third-party compliance with relevant regulatory standards and internal policies, reducing legal and operational risks.
- Keep accurate and up-to-date records of risk assessments, mitigation actions, and compliance activities to support audit processes and decision-making.
- Assist in SOC2 and other relevant audits by liaising with auditors and conducting thorough IT controls testing to ensure the design and operational effectiveness of security measures.
- Develop and lead the Security Awareness Program, conducting Phishing campaigns and other initiatives to educate and test the workforce, aiming to reduce susceptibility to cyber threats.
- Compile and analyze results from security initiatives, like Phishing campaigns, to identify trends, report on program effectiveness, and adjust strategies accordingly.
- Interact with vendors to conduct assessments and ensure the completion of necessary evaluations, emphasizing the importance of security from the onset of vendor relationships.
- Provide guidance to internal stakeholders regarding the importance of third-party risk management, educating them on the processes and requirements for adding new vendors or services.
- Continually seek opportunities to improve third-party risk management practices, security awareness programs, and compliance processes to adapt to changing threats and regulatory landscapes.
- Other assigned tasks to support the security program.
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent experience.
- Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or equivalent certifications focused on risk management, audit, and compliance preferred.
- 3 to 5 years of experience in conducting risk assessments, managing third-party risks, and ensuring compliance with relevant standards and regulations.
- In-depth understanding of auditing standards, compliance requirements (e.g., SOC2, ISO 27001, NIST CSF, GDPR), and risk management frameworks.
- Expertise in evaluating and implementing risk mitigation strategies to address vulnerabilities associated with third-party vendors and service providers.
- Strong analytical, communication, and project management skills, essential for managing risk assessments, mitigation actions, and compliance activities.
- Participation in Security Awareness Programs, aiding in Phishing campaigns and security best practices education.
- Excellent verbal and written communication skills in English, with the ability to effectively communicate with vendors and internal teams globally, ensuring clear and concise interactions across diverse cultural backgrounds.
- Flexibility to accommodate both U.S. and UK business hours, ensuring effective collaboration with internal and external stakeholders in these regions to support the global operational requirements of our team and partners.
Security Risk Analyst - San José, Costa Rica - Catalina
Description
Our Team
The Security Risk Analyst plays a pivotal role in safeguarding our organization against the potential risks posed by third-party vendors and service providers. This individual ensures that all external partnerships adhere to strict regulatory standards and internal policies, prioritizing data privacy and security controls by conducting thorough evaluations and risk assessments. Collaborating closely with internal stakeholders, the analyst facilitates a comprehensive approach to third-party risk management, enhancing the integration of services with a keen focus on security and compliance. Additionally, leading and innovating the Security Awareness Program, the analyst champions a culture of security mindfulness across the organization, educating employees on best practices and mitigating the risks of social engineering attacks.
Responsibilities
Qualifications
The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform job-related tasks other than those specifically included in this description.
All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities.