Location
New York - 225 Liberty Street, Suite 4301 (BP)
Business
At Brookfield Properties, our global network and relationships are here for our tenants and partners — wherever they are in the world. Where going to work never feels routine. We integrate commercial real estate with world-class shops, restaurants, and entertainment, creating spaces where work and play don’t just coexist, but thrive. If you’re ready to be a part of our team, we encourage you to apply.
Job Description
We Are Brookfield Properties:
We are seeking an IT Manager, Third-Party Risk to join the Brookfield Properties U.S. Office Division in New York, NY. In this role, you will play a key part in inspiring change and continual improvement. If you are committed to excellence and ready to contribute to a dynamic culture, we would love to meet you.
The IT Manager, Third-Party Risk will join our Information Security team. Reporting directly to the Director of IT GRC, this pivotal role will oversee the operational and strategic aspects of our third-party cyber risk program. We seek a self-driven leader with a passion for process improvement and the ability to serve as a subject matter expert in vendor and compliance risk management.
Role & Responsibilities:
Independently conduct thorough third-party information security risk assessments, due diligence, and ongoing oversight of third-party services to ensure compliance and security
Collaborate with third parties and internal partners to develop and implement corrective action plans, mitigating and resolving third-party risks effectively
Play a vital role in shaping the department's overall strategy, processes, and approaches, demonstrating strong expertise in cybersecurity and compliance
Collaborate seamlessly with leadership, multiple internal organizations, external parties, legal, compliance, IT, and business units to leverage relationships, address priority issues, proactively identify, and promptly mitigate risks associated with third-party engagements
Drive process innovation, including activities like automation, and lead initiatives to enhance the efficiency, effectiveness, and operational capabilities of the third-party risk management program
Establish and maintain a comprehensive third-party risk register to address potential vulnerabilities across significant risk areas
Review contractual agreements to ensure proper provisions are included to protect company data in third-party engagements
Administer program procedures, tools, and related support materials to maintain consistent and effective risk management practices
Your Qualifications:
Bachelor's degree in Business, Computer Science, Information Technology, or related field. Related certifications (e.g., CISA, CISSP, CRISC) will be helpful
7+ years of combined IT and experience in third-party risk management in a global company
Professional information security experience, including conducting comprehensive third-party risk assessments
Act as a subject matter expert on third-party risk management, providing guidance and training to internal stakeholders
Strong knowledge in understanding and ability to review and analyze SOC reports
Strong knowledge of industry standards and regulations, including ISO 27001, NIST, GDPR, PCI, SOX, and other data/privacy regulations and standards
Strong understanding and practical experience in implementing risk management frameworks. This includes a comprehensive grasp of the risk management cycle, covering areas such as vulnerabilities, threats, and controls, enabling practical evaluation and mitigation of third-party risks
Extensive knowledge of data security, access control systems, and related matters
Ability to deliver regular reports and updates to senior management on the status of third-party risk management efforts, including establishing KPIs and metrics to gauge program effectiveness
Detail-oriented with excellent analytical, problem-solving, and organizational skills, coupled with strong communication abilities (both written and verbal)
Proven ability to work independently and in a team environment
Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables
Experience with the OneTrust third-party risk management module is a plus
Knowledge of PowerBI is a plus
Additionally, may be required to perform other duties as assigned
Compensation:
Salary Type: Non-exempt
Pay Frequency: Bi-weekly
Annual Base Salary Range: $105,000-$135,000
We are proud to create a diverse environment and are proud to be an equal opportunity employer. We are grateful for your interest in this position, however, only candidates selected for pre-screening will be contacted.
#BPUS