Third Party Risk Analyst

Third Party Risk Analyst

Posted on June 24, 2024

Apply Here

The Universities of Wisconsin are a premier system of public higher education serving more than 162,000 students. Awarding nearly 37,000 degrees annually, the universities are Wisconsin's talent pipeline, putting graduates in position to increase their earning power, contribute to their communities, and make Wisconsin a better place to live. Through a constellation of 13 universities statewide, the Universities of Wisconsin are a tremendous academic, cultural, and economic resource for Wisconsin, the nation, and the world.

The Universities of Wisconsin Administration assists in establishing policies, planning the programmatic financial and physical development of the Universities. UWSA supports the Universities in delivering transformative educational outcomes and research that expands the boundaries of knowledge. We work to extend the value of our universities beyond the boundaries of the campuses, seeking to enhance the quality of life for all in Wisconsin and beyond, in fulfillment of the Wisconsin Idea.

The Office of Information Security is responsible for leading the development and implementation of an enterprise information security program and providing shared security services to campus partners. The Office of Information Security is composed of three teams: Cyber Defense, IT Governance, Risk and Compliance, and Security Awareness and Outreach.

POSITION SUMMARY

This position is responsible for supporting our third-party risk management program, which is designed to assess the cybersecurity risk of third parties and their solutions and make informed recommendations for the secure adoption of services and technologies.

Primary responsibilities for this position include completing risk assessments of third-party service engagements, improving utilization and maximizing value of current IT Risk Management toolsets, maintaining a common repository of reviewed solutions, and working with stakeholders to socialize and mature third-party risk management processes at their respective universities. The incumbent in this position also assists in advancing the effectiveness of operations and proactively identify new strategies that contribute to success of the program. This position reports to the Director of Information Security Governance, Risk, and Compliance.

MAJOR RESPONSIBILITIES

Operational Risk Management

• Conduct risk assessments of third-party service engagements to evaluate the cybersecurity risk a university may encounter when working with or using a third-party solution or service

• Evaluate the design of key controls identified and provide control enhancement recommendations as appropriate

• Develop formal written assessment reports

• Develop relationships with both technical and functional units and assist in improving risk culture throughout the organization

• Contribute to other risk management activities, which may include monitoring and tracking identified risks and other special projects as needed

Program Development

• Enhance and contribute to third party risk strategies, tools, and methodologies to measure, monitor, and report risks

• Assist in formalizing assessment techniques for adherence to regulatory standards including GLBA, NIST Cybersecurity Framework, HIPAA, and FERPA.

• Develop and maintain job aids in support of Third Party Risk Management procedures

• Assist with the creation and development of standardized reports, templates, and scorecards used to inform leadership on third party risks

• Assist in the production of metrics and reports that serve to demonstrate operating effectiveness of program operations

Professional Development

• Maintain professional and technical knowledge.

• Keep abreast of current trends in Third Party Risk Management and other related disciplines.

• Maintain and expand professional networks by participating in UW System-wide programs and national professional conferences and organizations.

MINIMUM QUALIFICATIONS

• Prior Third Party Risk Management, Audit, or Enterprise Risk Management experience

• Comprehensive knowledge of Third Party Risk Management processes and methodologies

• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with all levels of staff and leadership

PREFERRED QUALIFICATIONS

• Bachelor's degree.

• Experience conducting risk assessments against specific industry standards and regulations affecting the higher education environment such as NIST Standards and Frameworks, FERPA, GLBA, and HIPAA.

• Experience with OneTrust's IT & Security Risk Management solution

• CISSP, CRISC, CISA or related professional certification

Knowledge, Skills, and Abilities

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

• Strong customer service orientation and the ability to project that attitude to customers in remote locations.

• Ability to anticipate, draw conclusions, and adapt to changing needs and demands

• Maintain an understanding of the organizational mission, values, and goals and consistent application of this knowledge.

• Ability to manage projects across multiple teams or groups (strong planning, organization and project management skills)

• Strong analytical skills, problem solving, strategic thinking and reasoning abilities

• Ability to work independently and in a team environment

• A high degree of integrity, professionalism, and capacity to excel in a cohesive team environment

• Strong attention to detail.

• Ability to navigate a complex organization hierarchy.

COMMITMENT TO INCLUSIVE EXCELLENCE

Inclusive Excellence is a source of strength, creativity, and innovation for Universities of Wisconsin. We value the contributions of each person and respect the profound ways their identity, culture, background, experience, status, abilities, and opinion enrich the Universities of Wisconsin community. We commit ourselves to the pursuit of excellence in teaching and learning, research, scholarship, creative activity, community service, and diversity as inextricably linked goals.

Universities of Wisconsin fulfills its public mission by creating a welcoming and inclusive community for people from every background - people who serve the State of Wisconsin and the public good.

CONDITIONS OF EMPLOYMENT

Universities of Wisconsin is required to conduct a criminal background and sexual harassment check for the selected finalist prior to employment.

Please note that successful applicants are responsible for ensuring their eligibility to work in the United States (i.e., a citizen or national of the United States, a lawful permanent resident, a foreign national authorized to work in the United States without the need of employer sponsorship) on or before the effective date of appointment.

WORK LOCATION

Telecommuting or hybrid work options may be available. Some travel to Madison and campuses around the state may be required. Preference will be given to candidates that reside within the state of Wisconsin. Telecommuting agreements are subject to change at any time.

COMPENSATION AND BENEFITS

The Third Party Risk Analyst (official title: Information Security Analyst II) is considered a full-time, Academic Staff position that is salaried and FLSA exempt. Well-qualified candidates can expect a starting annual salary within the range of $80,000 - $95,000, commensurate with the candidate's education, related experience, and qualifications.

Universities of Wisconsin employees receive an excellent benefits package. To learn more about the benefits package, review the Faculty, Academic Staff & Limited Appointees. Please see this link for total compensation information: UW System Health & Retirement Contributions Estimator.

APPLICATION INSTRUCTIONS

To ensure full consideration, please submit application materials as soon as possible. Applicant screening will begin immediately and be ongoing through 11:59 pm, Sunday, July 14, 2024 However, applications may be accepted until the position has been filled.

• Go to the UWSA Applicant Portal to submit your materials online and select the appropriate applicant portal, either External Applicants or Internal Applicants and click on the position title that you want to apply for.

• To receive full consideration, interested applicants are required to apply online and provide:

• Resume (PDF Format)

• Cover letter addressing your experience and education as it applies to all minimum and preferred qualifications (PDF Format)

Failing to submit the required application documents may disqualify your application.

• Submit your application.

SPECIAL NOTES:

If you need to request an accommodation because of a disability, you can find information about how to make a request by contacting Sarah Wilson, HR Business Partner, at sarah.wilson@uwss.wisconsin.edu.

The Universities of Wisconsin will not reveal the identities of applicants who request confidentiality in writing, except that the identity of the successful candidate will be released. See Wis. Stat. §. 19.36(7).

Qualified applicants will receive consideration for employment without regard to, including but not limited to, race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, disability, or status as a protected veteran, and other bases as defined by federal regulations and UW System policies. We promote excellent through diversity and encourage all qualified individuals to apply.

Questions may be addressed to: Sarah Wilson, HR Business Partner, at sarah.wilson@uwss.wisconsin.edu.