This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
IT Manager, Third Party Risk
Brookfield Residential Properties - New York, NY
posted 8 days ago
About the position
We are seeking an IT Manager, Third-Party Risk to join the Brookfield Properties U.S. Office Division in New York, NY. In this role, you will play a key part in inspiring change and continual improvement. If you are committed to excellence and ready to contribute to a dynamic culture, we would love to meet you. The IT Manager, Third-Party Risk will join our Information Security team. Reporting directly to the Director of IT GRC, this pivotal role will oversee the operational and strategic aspects of our third-party cyber risk program. We seek a self-driven leader with a passion for process improvement and the ability to serve as a subject matter expert in vendor and compliance risk management.
Responsibilities
- Independently conduct thorough third-party information security risk assessments, due diligence, and ongoing oversight of third-party services to ensure compliance and security
- Collaborate with third parties and internal partners to develop and implement corrective action plans, mitigating and resolving third-party risks effectively
- Play a vital role in shaping the department's overall strategy, processes, and approaches, demonstrating strong expertise in cybersecurity and compliance
- Collaborate seamlessly with leadership, multiple internal organizations, external parties, legal, compliance, IT, and business units to leverage relationships, address priority issues, proactively identify, and promptly mitigate risks associated with third-party engagements
- Drive process innovation, including activities like automation, and lead initiatives to enhance the efficiency, effectiveness, and operational capabilities of the third-party risk management program
- Establish and maintain a comprehensive third-party risk register to address potential vulnerabilities across significant risk areas
- Review contractual agreements to ensure proper provisions are included to protect company data in third-party engagements
- Administer program procedures, tools, and related support materials to maintain consistent and effective risk management practices
Requirements
- Bachelor's degree in Business, Computer Science, Information Technology, or related field. Related certifications (e.g., CISA, CISSP, CRISC) will be helpful
- 7+ years of combined IT and experience in third-party risk management in a global company
- Professional information security experience, including conducting comprehensive third-party risk assessments
- Act as a subject matter expert on third-party risk management, providing guidance and training to internal stakeholders
- Strong knowledge in understanding and ability to review and analyze SOC reports
- Strong knowledge of industry standards and regulations, including ISO 27001, NIST, GDPR, PCI, SOX, and other data/privacy regulations and standards
- Strong understanding and practical experience in implementing risk management frameworks, covering areas such as vulnerabilities, threats, and controls
- Extensive knowledge of data security, access control systems, and related matters
- Ability to deliver regular reports and updates to senior management on the status of third-party risk management efforts, including establishing KPIs and metrics to gauge program effectiveness
- Detail-oriented with excellent analytical, problem-solving, and organizational skills, coupled with strong communication abilities (both written and verbal)
- Proven ability to work independently and in a team environment
- Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables
Nice-to-haves
- Experience with the OneTrust third-party risk management module is a plus
- Knowledge of PowerBI is a plus
