GRC Vendor Assessment Officer
Socure
TBD
Who We Are:
Socure is redefining identity verification with groundbreaking technology, supporting myriad organizations with the most accurate authentication tools in the industry.
What we build helps businesses scale faster, stop fraud, and ultimately allows millions of people who are excluded from the digital economy (due to outdated fraud detection models) to take part in it like everyone else.
Our culture is about innovation, winning, and customer obsession. We are full of top performers that prioritize excellence and results, as well as support for one another, on the path to achieving our mission: to verify 100% of good identities in real time and completely eliminate identity fraud for every applicant on the internet.
To learn more about working at Socure visit our career page here: https://www.socure.com/company/careers
What the Role Is:
Our GRC team has the unique opportunity and visibility to actively partner with departments across Socure, taking a holistic view of the whole company and reducing risk. We are responsible for the operations and oversight of company policies, practices, and procedures, and for translating legal, regulatory, and contractual obligations into real solutions.
We live in the era of SolarWinds, Log4j and other third-party and supply-chain incidents that have caused significant disruption to business operations. Socure is looking for a motivated Vendor Risk Management professional to join our team and address the risks that come with working with third-party vendors.
This role reports to the GRC Vendor Assessments Officer within the larger Governance, Risk & Compliance Team.
What You’ll Do:
- Support initiatives individually and as part of a larger GRC group to keep pace with a high-performance fast-growing data-driven company
- Manage Third Party Risk Management (TPRM) requests from internal stakeholders, to help Socure stay up to speed during its hypergrowth phase.
- Evaluate risks — known and unknown — within the Vendor’s environment and its operations in accordance with known industry frameworks (ISO, NIST, etc.)
- Track and Monitor Vendor Assessments and Reports during different stages of the Third Party Risk Management Lifecycle to ensure any and all risks are identified, addressed and remediated.
- Review and prioritize vendor vulnerabilities based on impact and suggest remediation for threats based on their severity.
- Assist in the Annual Due Diligence Initiative for Critical and High Risk Vendors at Socure. This comprises virtual onsite assessments with vendors and documentation-based reviews.
- Review new tool requests from internal Socure stakeholders and assess based on risks associated with implementation.
- Review security attestations from third parties and map documented observations to controls applicable to the engagements with Socure.
- The position requires collaboration with multiple teams internally, so we are looking for an individual with high initiative who has demonstrated the ability to work collaboratively in a team environment. The candidate must be detail oriented and have excellent communication, writing and organizational skills.
- Other Ad-Hoc GRC initiatives, as required.
What You’ll Bring:
- 2+ years IT security, IT risk, IT auditing, and/or IT compliance experience within a technology company, accounting firm, or other company operating in heavily regulated environments
- 2+ years experience in the Third Party Risk Management domain
- Bachelor's degree, or equivalent work experience evaluating data and privacy risk
- Exceptional organizational skills
- Near-Uncanny attention to detail
- Excellent written and verbal communication skills
- Able to oversee and manage multiple projects simultaneously
- Must have familiarity with a majority of the following:
  - SaaS-based services and systems
  - Authentication systems and schemas
  - Cloud-based hosting and virtualized networked systems
  - Code development methodologies and environments
  - Database security
  - Any other item we may have missed but you feel strongly enough about to mention
- Experience with AICPA SOC reporting (SSAE 16, now superseded by SSAE 18), ISO (27001 and associated certifications), NIST, and HITRUST frameworks, among others
- Anticipated travel: 15% per year post-COVID; remote work is expected at this time
Nice-to-Have Skills:
- Regulatory knowledge, including data-handling policies and procedures inside and outside the U.S.
- Familiarity with SIEM tools and the OneTrust GRC platform
- Familiarity with AWS as infrastructure (a deep technical background is not required)
Perks & Benefits:
- Competitive base salary
- Equity – every employee is a stakeholder in our upside
- Medical, dental and vision benefits for employees and their dependents
- Parental leave and fertility support
- Flexible PTO
- 401K with company match
- Stipend to supply your home office
- Annual professional development stipend