Corporate Third Party Oversight - Risk Application Security Expert

JobID: 210532026

Category: General Management & Ops

JobSchedule: Full time

Posted Date: 2024-06-25T14:10:08+00:00

JobShift: Day

Base Pay/Salary: New York,NY $123,500.00-$190,000.00

Join our team to ensure a consistent and effective risk management program globally for third party-hosted applications.

As an Application Security Expert, in Corporate Third Party Oversight you will ensure consistent and effective end-to-end risk management program is in place globally for third party-hosted applications. You will influence internal and external stakeholders to inform and ultimately mitigate third party application risk across the firm.

Job Responsibilities

• Drive the transformation agenda, including business justification and program build out.

• Partner with internal risk teams to support business as usual risk activities, reporting and project initiatives.

• Ensure risk impacting the business is effectively identified, quantified, communicated and remediated

• Influence supplier adoption of the product vision, roadmap, and risk control objectives

• Operationalize the Third Party Software Bill of Materials (SBOM) program

Required qualifications, capabilities, and skills

• 5+ years of experience in Third Party Risk Management (TPRM) or Governance, Risk Management, and Compliance (GRC), Cybersecurity, Application Security, Cloud Security Architecture (SaaS, PaaS & IaaS) within a large enterprise level environment

• 3+ years of experience using a broad set of technologies (e.g., servers, operating systems, applications, databases, hypervisors, virtualization management, containers, compute, storage, etc.)

• Strong leadership skills, ability to multitask, sense of ownership, attention to detail and quality, and deliver on commitments

• Understanding of Secure Software Development Life Cycle (SSDLC) (e.g., coding requirements, risk assessments, threat modeling, static code analysis, and dynamic application scanning)

Preferred qualifications, capabilities, and skills

• Certification in Public Cloud Technology from major Cloud Service Provider

• Experience with Software Bill of Materials (SBOM)

• CISSP, CISA, CISM, CCSP or CRISC certification