Job Description:

Location: Monterrey or Matamoros, Mexico

Applications from persons not living in Mexico will NOT be accepted.

The Third Party Risk Advisor is responsible for third-party information risk management related to suppliers and other third parties. The individual creates and leads an effective program to improve suppliers' information security maturity to protect the enterprise. The Third Party Risk Advisor works under the direction of security leadership to drive awareness of third-party information risks through all business groups.

In addition, the Third Party Risk Advisor will monitor the enterprise's security posture as seen by our customers and work with various internal teams to prioritize any remediation activities needed. As such, the role requires technical aptitude, business understanding, and the ability to work with diverse groups.

Essential Job Duties

• Partner with business groups to identify, analyze, and mitigate third-party security risks associated with outsourced activities and products.
• Provide third-party security consultation for new and ongoing third-party relationships.
• Consult on defining third-party security policies and best practices.
• Educate and build awareness of third-party security requirements.
• Improve third-party compliance with enterprise security standards and policies.
• Participate in testing and monitoring security and privacy controls executed by third parties interacting with enterprise data.
• Lead security enhancement projects focused on new or changing third-party relationships.
• Review contracts, project documentation, system design documents, vendor security policies, and other vendor security references (i.e., SOC reports, SIG questionnaires, security ratings, etc.) to determine the extent, type, and scope of risks of the vendor relationship.
• Maintain an inventory of third parties who possess and interact with enterprise data, including critical risk information about the relationship, data attributes, and regulatory compliance.
• Support completion of enterprise information security reviews for new and ongoing third-party relationships.
• Monitor open third-party security issues and remediation actions associated with security control gaps to ensure timely closure.
• Collaborates with the vulnerability management team to prioritize and remediate internal findings.
• Please do other duties as assigned.

Skills and Experience

• 2-3 years of information security, IT, risk management, or procurement experience.
• Technical background with an understanding of security threats.
• Practical verbal and written communication skills, including presentation and the ability to
• influence.
• Strong project management skills and organizational skills.
• Experience with security rating platforms such as BitSight, SecurityScorecard, or others.
• Ability to work in a constantly changing environment under tight deadlines.
• Ability to switch from independent work to group activities with excellent interpersonal skills.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Experience with one or more of the following: NIST, ISO 27001, PCI DSS, HIPAA, HITECH, SOX, GDPR, CCPA, CIS, or SOC 2.

Education Requirements

• Preferably higher education or equivalent industry experience.

Certification Requirements

• CISSP (Associate), CISM, or similar security certifications are preferred but not required.

Salary Package:
MX$ 90,000.00 - 100,000.00 (Mexican Peso)