Title: Business Risk & Controls Advisor
Location: San Antonio, TX (onsite 4 days/week)
Contract: Through June 2025, with potential for extensions
Job Responsibilities:
- 2-4 years of Information Security/Information Technology or Governance Risk & Compliance / Third Party Risk Management experience
- Review Enterprise Third Party Risk Management triggers to validate the need to conduct due diligence on third parties (this requires discussions with the Line of Business on their submissions of the Inherent Risk Questionnaires (IRQs) and questioning their understanding of the service being contracted for and the data being shared).
- The individual will also review post-due-diligence assessment work, entering findings into the GRC tool (Salesforce/Archer) and validating that identified issues have been resolved and closed out in the GRC tool.
Technical Requirements:
- Strong knowledge of NIST Cyber Framework
- Strong background in IT Security Risk Assessments
- Microsoft Excel
- Strong writing and issue remediation knowledge as it relates to Information Security and Technology risk domains.
- Certification with some level of work experience in this area (TPRM/Governance, vendor assessments) – Security+, CTPRP, CISA, CRISC, etc.