CHS Corporate
Cyber Security Engineer, Third Party Risk
Full Time

Job Summary
As a key member of the Digital Technology Risk Assurance team, the Technology Risk Analyst will leverage their practical knowledge and experience to independently assess and manage technology risks associated with third-party vendors. This role requires a proactive individual capable of tackling complex challenges with minimal guidance, contributing significantly to the organization's overall risk posture.
Essential Functions
- Comprehensive Vendor Evaluation: Conduct in-depth evaluations of third-party vendors and service providers, encompassing their financial stability, operational performance, and adherence to regulatory compliance requirements.
- Risk Identification and Mitigation: Proactively identify potential technology risks and vulnerabilities within third-party relationships, subsequently developing and implementing effective mitigation strategies and plans.
- Cross-Functional Collaboration and Communication: Foster strong collaborative relationships with internal teams, including procurement, legal, IT, and compliance, to ensure a unified and consistent approach to third-party risk management. Communicate and interact effectively and professionally with all stakeholders, including co-workers, management, business partners, and customers.
- Compliance and Standards Alignment: Ensure all third-party risk management practices are meticulously aligned with established industry standards, regulatory requirements, and the organization's strategic goals.
- Continuous Monitoring and Oversight: Implement and maintain continuous monitoring of third-party performance and compliance through regular audits, reviews, and performance assessments.
- Documentation and Record Keeping: Maintain thorough, accurate, and up-to-date records pertaining to all third-party risk management processes and activities.
- Organizational Awareness and Best Practices: Actively contribute to raising awareness of critical third-party risk issues and promote best practices across the organization.
Required Experience:
- 2-4 years in technology risk, cybersecurity, audit, compliance, or third-party risk management.
- Experience performing vendor risk assessments, due diligence, and ongoing monitoring.
- Working knowledge of risk frameworks (e.g., NIST, ISO 27001).
- Strong communication and stakeholder management skills.
- Analytical and detail-oriented with the ability to identify and address risk gaps.
- Familiarity with GRC or vendor risk management tools.
- 3+ years of third-party risk management experience, including process or framework improvement.
- Professional certifications (CISA, CISM, CRISC, CISSP, CTPRA, etc.).
- Experience in regulated industries or familiarity with third-party risk regulations.
- Understanding of IT and cybersecurity concepts (cloud, network, application security).
- Experience automating TPRM workflows or using GRC platforms (e.g., ServiceNow).
- Ability to work across teams such as Legal, Procurement, and Technology.
- Experience managing the full vendor risk lifecycle (onboarding through offboarding).
