![]() Strong relationship and facilitation skills. Strong analytical, problem solving, documentation, and time management skills. ![]() Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together.Work experience with security concepts including the ability to assess the security aspects of the following network devices, firewalls, intrusion detection/prevention systems, identity services, web applications, encryption, forensic analysis, penetration/vulnerability tools, Linux/windows/macOS, virtualization, desktop/laptop and mobile devices.Experience implementing and using technical auditing tools to perform validation of security controls.Solid understanding of cloud infrastructure, applications and coding practices preferred.Demonstrate solid knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRamp and other information security and control frameworks.Experience with a vendor risk management system, and incorporating continuous monitoring systems and services.5+ years of direct work experience in third-party risk management and/or cyber risk management with a technical Bachelor degree in Computer Science, Information Security, or similar technical field of study or 3+ years and a technical Master’s degree.Build team camaraderie and contribute to Splunk values.Respond to emerging threats by coordinating with vendors to understand supply chain impact.Champion the program mission and value proposition throughout the organization. Contribute to process improvements to continuously mature the Third-Party Risk Management Program and service.Use a risk-based approach to conduct reassessment of vendors periodically and monitor third-party vendors’ security practices and compliance with contractual obligation.Partner with Procurement and Legal in the contract-negotiation process if vital to ensure appropriate security obligations are incorporated in vendor agreement/contract.Perform technical validation on the security of the implementation of vendor solutions.Monitor the execution of risk treatment(s) and evaluate the residual risk. Provide sufficient information to risk owners and vendors in the development of treatment plans for the effective management of risk.Develop and maintain high-quality risk assessment documentation covering findings, risk statements, risk ratings, justifications and recommendations in the Splunk GRC tool and risk register.Accurately determine the risk rating with qualifications based on the potential impact and likelihood. Conduct detailed vendor risk assessments, working closely with key partners, to identify and evaluate risks before establishing or continuing operations with third-party vendors. ![]() Perform due diligence on vendor solution implementation to ensure the vendor product is configured securely. In this role you will perform due diligence review and risk assessments associated with third-party solutions and services, and communicate the risk assessment results to our internal business partners empowering them to make informed decisions in order to manage the risk in alignment with their business objectives and risk appetite. Splunk is seeking a Third Party Risk Analyst to join our Splunk Global Security (SGS) team to grow and mature our Vendor Trust Program. All of these relationships introduce various levels of risk to an organization, which requires close management and monitoring. In today’s business climate, organizations need to engage third parties to remain competitive and optimize internal operations. Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |