
Attorney in Culver City, CA

Sony Pictures Digital Inc. May 21, 2016 Nov 16, 2015 Location Culver City, CA
This job is expired...

In-House

Attorney

Litigation - Whistleblower - CFTC

Other

1-3 yrs required

Profile

Manager, Information Security – 3rd Party Risk Management

Responsibilities:
Perform risk assessment and control reviews of third parties and services. This includes the identification of security risks and gaps, risk evaluation and business impact analysis of the identified gaps, formulating remediation recommendations based on internal standards and industry best practice.
Comprehensive documentation of the identified gaps and related risk from the technical as well as from the business perspective.
Review third party policies related to Information Security, comparison and gap analysis to internal security policies and requirements.
Manage and maintain an effective third party risk management program across multiple business units.
Provide functional support to business units on third party risk management including third party risk assessment process and technology to complete legal and procurement due diligence.
Provide subject matter expertise to Contract Managers, Business Unit Managers, and third party relationship Managers to ensure third party risk management program is in compliance with applicable regulations or policies.
Collaborate, develop and support the systems and tools to manage third party risk; support ongoing third party risk monitoring initiative.
Manage and maintain a third party risk management database for retention of key risk and mitigation information.
Keep current on changes in federal and state laws and regulations impacting the area of responsibility and ensure that applicable changes in policies and procedures are updated and communicated in a timely manner.
Conduct training and awareness campaign on third party risk management program to employees, contractors, and third parties.
Prepare and present regular reports as required, including the management of all meaningful statistics relating to third party risk management.

Qualification and Experience

Qualifications:
BA Degree and CISSP.
CISA (Certified Information Systems Auditor).
IT/Security Vendor Certifications (e.g. Cisco, Microsoft, RSA).
Juris Doctor degree.
ISO27001 Lead Auditor or similar.
1-3 years of related experience in third party risk or contract management.
Experience with vendor management, compliance issues relating to vendor due diligence, and vendor risk monitoring.
Experience with ISO27001 standard.
Experience in regulatory compliance.
Experience in managing change effectively while maintaining a focus on standard or business-as-usual activities.
Strong working knowledge of relevant assessment frameworks and/or standards (e.g., ISO/27000 Series, Shared Assessment, SOC2).
Solid understanding of Risk Management principles and experience in risk management.
Strong leadership skills; sound judgment and analytical skills.
Strong follow-up, attention to detail, and organizational skills and the ability to manage priorities effectively.
Strong organizational, project management and multi-tasking skills with a successful track record of managing expectations, delivering results, and meeting milestones and deadlines.
Experience in developing and documenting policies & procedures, including workflow process improvements.
Excellent project management and presentation skills.
Demonstrate strong organizational and attention to detail skills.
Ability to communicate and operate in a complex global organization and promote the adherence to corporate policy goals while building working relationships with senior management and third party.
Ability to write and communicate clearly and effectively.
Ability to work independently as well as in a team environment, and foster collaboration.
Take on new responsibilities and influence others as needed to deliver consistent results.
Pick up new skills through self-learning and on the job training.
Manage competing priorities while maintaining organized and detailed reporting of status and progress.
