Senior Vendor Cyber Risk Analyst
S&P Global
Full time Full day
Islamabad
S&P Global Corporate
The Role: Senior Vendor Cyber Risk Analyst
The Team:
As part of Corporate Risk Management / Business Delivery Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that 63% of data breaches happen due to third parties. It involves working with internal stake holders as well as third parties to achieve the results.
The Impact:
This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoor created by our vendors.
What’s in it for you:
Third party risk management is one of the fast-growing areas in financial services companies. The rapid pace of adoption of cloud applications (SaaS) and Business Process Outsourcing (BPO) has made this even more critical as regulators pay a lot of attention as to how companies manage third-party risk.
What We’re Looking For:
Basic Qualifications:
Bachelor’s degree in Computer Science or engineering or equivalent
Experience: Minimum 8 years of experience in Information Technology or Risk Management, out of which a minimum of 4 years with Information Security or Technology Risk Management
Experience with Information Security and/or Technology Risk Management, servicing US-based large financial services companies
Ability to assess controls with respect to cloud applications as well as organization-wide controls
Demonstrable understanding of the concepts of technology controls and information security controls
Strong communication skills are a must. The resource should be able to effectively communicate with cross-functional teams and external vendors, both written and oral communication is critical
The candidate is required to act as a “Go to” person for rest of the team.
The candidate is also expected to perform complex risk assessments of cloud service providers.
Ability to come up with risk metrics, to enhance our existing procedures is highly desired.
This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours
Exposure to cloud technologies and cloud security is highly desired; the familiarity with pubic cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred
Any prior exposure to vendor risk management is a plus
Preferred Qualifications:
Certifications: Information Security and risk management certification (e.g. ISACA/CRISC, SANS/GIAC, ISC2 CISSP, ISACA/CISA) is desirable but not a must
Project management skills are nice to have as the activities involve coordination with internal stakeholders and the vendors
Return to Work: Have you taken time out for caring responsibilities and are now looking to return to work? As part of our Return to Work initiative (link to career site page when available), we are encouraging enthusiastic and talented returners to apply, and will actively support your return to the workplace.
The Grade : 10
The Location: Islamabad, Pakistan
About Company Statement: S&P Global delivers essential intelligence that powers decision making . We provide the world’s leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you’ll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.
#LI-USA
-----------------------------------------------------------
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: [email protected] and your request will be forwarded to the appropriate person.
US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
----------------------------------------------------------- 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.1 - Middle Professional Tier I (EEO Job Group)
Job ID: 286797
Posted On: 2023-05-03
Location: Islamabad, Pakistan
The Role: Senior Vendor Cyber Risk Analyst
The Team:
As part of Corporate Risk Management / Business Delivery Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that 63% of data breaches happen due to third parties. It involves working with internal stake holders as well as third parties to achieve the results.
The Impact:
This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoor created by our vendors.
What’s in it for you:
Third party risk management is one of the fast-growing areas in financial services companies. The rapid pace of adoption of cloud applications (SaaS) and Business Process Outsourcing (BPO) has made this even more critical as regulators pay a lot of attention as to how companies manage third-party risk.
What We’re Looking For:
Basic Qualifications:
Bachelor’s degree in Computer Science or engineering or equivalent
Experience: Minimum 8 years of experience in Information Technology or Risk Management, out of which a minimum of 4 years with Information Security or Technology Risk Management
Experience with Information Security and/or Technology Risk Management, servicing US-based large financial services companies
Ability to assess controls with respect to cloud applications as well as organization-wide controls
Demonstrable understanding of the concepts of technology controls and information security controls
Strong communication skills are a must. The resource should be able to effectively communicate with cross-functional teams and external vendors, both written and oral communication is critical
The candidate is required to act as a “Go to” person for rest of the team.
The candidate is also expected to perform complex risk assessments of cloud service providers.
Ability to come up with risk metrics, to enhance our existing procedures is highly desired.
This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours
Exposure to cloud technologies and cloud security is highly desired; the familiarity with pubic cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred
Any prior exposure to vendor risk management is a plus
Preferred Qualifications:
Certifications: Information Security and risk management certification (e.g. ISACA/CRISC, SANS/GIAC, ISC2 CISSP, ISACA/CISA) is desirable but not a must
Project management skills are nice to have as the activities involve coordination with internal stakeholders and the vendors
Return to Work: Have you taken time out for caring responsibilities and are now looking to return to work? As part of our Return to Work initiative (link to career site page when available), we are encouraging enthusiastic and talented returners to apply, and will actively support your return to the workplace.
The Grade : 10
The Location: Islamabad, Pakistan
About Company Statement: S&P Global delivers essential intelligence that powers decision making . We provide the world’s leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you’ll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.
#LI-USA
-----------------------------------------------------------
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: [email protected] and your request will be forwarded to the appropriate person.
US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
----------------------------------------------------------- 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.1 - Middle Professional Tier I (EEO Job Group)
Job ID: 286797
Posted On: 2023-05-03
Location: Islamabad, Pakistan
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resumeSimilar jobs
RFP (Development of a National Framework on Patient Safety & Quality of Care)
United Nations Pakistan
Full time Full day
PLEASE DO NOT APPLY ONLINE
Purpose of the Consultancy
The purpose of this consultancy the Institution is to provide technical expertise to the Ministry of National Health Services, Regulations, and Coordination (Mo/NHSR&C) in the development of a National Framework for...
Islamabad
WFP encourages female candidates and people with disabilities to apply.
WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles. Selection of staff is made on a competitive basis. We are committed to promoting diversity and...
Islamabad
Posted date
1st June, 2023
Last date to apply
19th June, 2023
Locations
Islamabad
Category
Healthcare Provider
Experience
5 years
Greetings from the National Poverty Graduation Programme (NPGP). The NPGP is a 6-year programme (with possible extension of 18 months)...
Islamabad