Enterprise Security Consultant
Ref No.: 18-02910
Location: Newtown Square, Pennsylvania
Newtown Square, PA, United States
3+ Months Contract

Job Description

  • Manage the Ariba Risk Registry and supporting risk identification, tracking and management processes.
  • Complete Ariba product, service, infrastructure risk assessments and assist with audit preparation.
  • Develop and drive the strategy for management of third party risk consistently by utilizing FFIEC, SIG, Shared Assessments Program and other relevant frameworks.
  • Effectively manage third party risk in accordance with internal policy and regulatory requirements, ensure strong oversight of all potential/current, internal/external, service provider risks and provide elevated visibility of existing and emerging areas of exposure.
  • Support Vendor selection and contracting on major sourcing efforts and reassess the risks associated with a vendor prior to the renewal of contract agreements.
  • Manage Third Party Risk Management processes, a central repository for vendor documents, due diligence and issue management. Evaluate and assist in selection and implementation of GRC and InfoSec business enablement tools.
  • Monitor vendor risk incidents, remediation resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoring. Work with legal to evaluate and process complaints and litigation.
  • Evaluate, test, document, track, and improve vendor compliance controls and track the identification, remediation/mitigation or acceptance of risk decisions.
  • Establish and maintain relationships with internal and external Audit, Operations, Procurement, General Counsel, Risk Management, Security Services, and other stakeholders to ensure compliance with Third Party Risk Management policies and procedures.
  • Create and maintain internal and external audit schedules and monitor compliance with Risk Management requirements that play a role in delivery of SAP Ariba cloud services to customers.
  • Conduct risk assessments on business and operational processes, procedures, and policies; interpret results and determine the adequacy and reliability of controls.
  • Develop, drive and lead a strategy around the management of information risk utilizing mechanisms to track the identification, remediation or acceptance of risk decisions.
  • Deliver to company leadership a risk-based ranking of business-critical processes and services provided by an independent third party.
  • Lead onsite assessments, with the assistance of the business and internal/external auditors, for critical vendors, ensuring consistent execution.
  • Prepare, track and present key performance indicators (KPIs), metrics and reports of Vendor risk management activities for benchmarking and operational success. Maintain Vendor risk scorecards to track residual risks.
  • Working with the appropriate business users and experts, ensure that for any identified risk that requires mitigating action, including vendor disengagement, a plan is developed and executed that identifies the process and/or service involved, the outgoing vendor, the replacement vendor, the anticipated timeline, measurable milestones, the expected completion date and the contingency plan should an orderly transition not occur.
  • Develop and maintain workflow to optimize system controls and processes to manage risk.
  • Deliver continuous training to the Business and promote awareness of Ariba cloud and vendor risks.
  • Act as an SME and stay abreast of the regulatory environment regarding cloud compliance, risk management and service providers.

  • 5+ years of experience in information security audits and risk management.
  • Knowledge of Cloud Security concepts, techniques, tools, methods and practices including DLP, encryption, vulnerability management, GRC, segregation of duties, production change management, software development, incident handling, and data transmission integrity.
  • Understanding of technology use, trends and risks in a business context and environment.
  • Demonstrated experience working with regulatory requirements and standards (PCI-DSS, SOC, ISO, BSI, GDPR etc.) and frameworks (ISO, NIST, OWASP, etc.).
  • The ability to communicate complex security risks to non-technical staff.
  • Work with business owners on remediation plans that address identified gaps.
  • Strong verbal and written communication skills and the ability to influence others.

The ideal candidate will also have the following qualifications and skills:
  • Successful track record of working with service providers to achieve business goals
  • Excellent planning ability and business acumen
  • Able to see the "big picture" and contribute to development of the operations runbook
  • Must be organized and goal/execution oriented
  • Enjoy a fast paced, high performance environment
  • Bachelor's Degree in MIS, Computer Science, or another related field.
  • At minimum one of the following industry certifications: CISSP, CRISC, CISA, CISM, CRMA or equivalent experience

Thanks & Regards
Pawan Kumar

10-time INC 500/5000, 10-time BBJ "Pacesetter", 5-time SIA fastest growing
Pawan Kumar | Technical Recruiter |
TalentBurst, Inc.
Boston | San Francisco | Miami | Tampa | Toronto | New Delhi | Bangalore
Work: 647 559-2730 | Mobile: 414 214-1492 | Email:
679 Worcester Road | Natick, MA 01760 |
Certified Minority Business Enterprise (MBE)