Information Risk Consultant
Ref No.: 17-13394
Location: Springfield, Massachusetts

Mandatory skills:
• Experience with industry standard Information Technology Control Policies and Standards frameworks and risk management methodologies including NIST and ISO
• Experience in risk assessment evaluation as well as identification of risk and mitigations
• Experience in conducting control self-assessments and reviewing SOC 2 reports
• Experience in Information Risk, Information Security, Audit, and supplier information risk management
• Experience in third party vendor risk assessments
• CISSP or CISA qualified or relevant experience
• Demonstrates a strong ability to identify, analyze, and solve problems
• Excellent oral and written communication skills, and attention to detail

Preferred skills:
• Experience with Archer GRC platform
• Experience in Cloud Security

Job Responsibility:
• Completes reviews of supplier-provided artifacts, including Control Self Assessments, SOC 2 Reports, and other artifact reviews, using defined process and templates
• Ensures that completed materials received are in good order and follows up with the supplier relationship managers (SRM) where needed
• Identifies issues and mitigations from the assessment and works with the supplier SRM to proactively mitigate these items
• Uses the centralized GRC tool (Archer) to input assessment evidence, assessment details, any issues identified during the assessment, and supporting mitigations
• Assists with supplier assessment metrics and reporting