iHeartMedia - Virtual, NC
posted 4 days ago
Full-time - Mid Level
Virtual, NC
Broadcasting and Content Providers
About the position
The Senior Analyst will play a strategic role in overseeing the organization's Third-Party Risk Management (TPRM) program. This senior-level position is responsible for conducting and managing comprehensive risk assessments, establishing, and maintaining risk frameworks, and ensuring that third-party vendors comply with security, legal, and regulatory requirements. The role involves leading cross-functional teams in identifying, assessing, and mitigating risks across various business processes, ensuring alignment with industry standards and regulations.
Responsibilities
- Oversee Third Party Risk Management (TPRM): Lead the TPRM program by conducting thorough assessments of third-party vendors and service providers, ensuring they meet the organization's security and compliance standards, and tracking their risk posture over time.
- Collaboration with Internal Teams: Partner with internal teams such as IT, Legal, Procurement, Privacy and Information Security to ensure risks are identified, reported, and mitigated, and that third-party relationships are aligned with corporate governance policies.
- Vendor Risk Management: Perform in-depth reviews of third-party vendor contracts, service level agreements (SLAs), and compliance documentation to ensure risk mitigation strategies are in place, including proper data protection, disaster recovery, and security control measures.
- Policy and Governance Development: Lead the creation and refinement of policies, procedures, and standards for TPRM and enterprise risk management to ensure they are up to date with industry best practices and regulatory requirements (e.g., SOX, HIPAA, GDPR, CCPA).
- Lead Third-party risk assessments and monitoring.
- TPRM Risk monitoring and status tracking.
- Collaboration on risk mitigation strategies.
- Regular reporting and risk analytics.
- Risk assessments for new and/or existing 3rd parties vendors projects and initiatives.
- Lead any inbound assessments.
Requirements
- Acts responsibly with sensitive and confidential information.
- Is creative and resourceful as a problem solver.
- Consistently demonstrates the drive to deliver successfully even under difficult timelines.
- Has strong analytical, methodical, investigative and auditing skills.
- Knows when to make practical rational decisions that reduce risk to iHM information and Information systems.
- Good written and verbal communications skills.
- Good technical writing skills.
- A critical logical thinker who is efficient and methodical.
- Background in a security governance model such as NIST, ISO, and PCI.
- Experience in developing cybersecurity policies and procedures.
- Familiarity with risk management frameworks.
- Familiarity with Asset Management.
- Able to define and understand various lines of business and the relationship to cybersecurity roles, responsibilities, and risk management decisions.
- Familiarity with access control management and strategies.
- Able to manage vulnerability remediation through use of mitigation strategies.
- Familiarity with security control assessments and procedures.
- Ability to perform audits of systems, software, and security controls.
- Familiarity with administering a corporate security awareness training program.
- Experience with vetting vendors and vendor management.
- Familiarity with legal and regulatory compliance requirements.
Nice-to-haves
- Respect for others and a strong belief that others should do this in return.
- Full proficiency and understanding of job function.
- Ability to work independently with minimal guidance.
- In-depth knowledge of key business drivers and how this impacts your team.
- Experience in team and project management for mid-sized projects.
- Ability to recognize and mitigate risk.
- Confidence to solve complex problems using multiple sources of information.
- Growth mindset and desire for continued knowledge sharing and learning.
- Understanding of impact of your own decisions.
- Ability to identify new opportunities for continued improvement across business.
- Comfort acting as a trusted advisor for colleagues with less experience.
- Ability to manage complex and confidential information and to influence others to build consensus across all levels.
Benefits
- Employer sponsored medical, dental and vision with a variety of coverage options.
- Company provided and supplemental life insurance.
- Paid vacation and sick time.
- Paid company holidays, including a floating holiday that enable our employees to celebrate the holiday of their choosing.
- A Spirit day to encourage and allow our employees to more easily volunteer in their community.
- A 401K plan.
- Employee Assistance Program (EAP) at no cost - services include telephonic counseling sessions, consultation on legal and financial matters, emotional well-being, family and caregiving.
- A range of additional voluntary programs, such as spending accounts, student loan refinancing, accident insurance and more.
