
Information security risk manager

Ecatepec de Morelos, Méx
Buscojobs México
Published on 14 September
Description

The opportunity:

Under limited supervision, responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security and ensures compliance with corporate cybersecurity policies and procedures. Monitors cybersecurity requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices. Performs security assessments of applications and systems using penetration and vulnerability testing and risk analysis. Configures and installs firewalls and intrusion detection systems. Implements software fixes (patches) to remove system vulnerabilities. Responds immediately to cybersecurity-related incidents and provides a thorough post-event analysis. Investigates intrusion incidents and conducts forensic investigations.

Key responsibilities:

* Third-party risk assessments:
  o Lead and conduct thorough security assessments of vendors and suppliers to evaluate their information security posture and practices.
  o Assess third-party compliance with the company's security requirements and industry standards (e.g., ISO 27001, SOC 2, NIST, GDPR, HIPAA).
  o Review and analyze security questionnaires, audit reports, and vendor responses to identify risks and gaps.
* Risk mitigation and remediation:
  o Identify, document, and prioritize security risks associated with third-party vendors and suppliers.
  o Work with vendors to develop action plans and remediation strategies to address security gaps or vulnerabilities.
  o Monitor and track the implementation of corrective actions to ensure timely resolution.
* Vendor management and collaboration:
  o Collaborate with procurement, legal, and vendor management teams to integrate security requirements into vendor contracts and service-level agreements (SLAs).
  o Ensure that security and compliance requirements are included in vendor contracts, and that vendors meet agreed-upon security standards throughout the engagement lifecycle.
* Compliance monitoring:
  o Monitor and track the ongoing compliance of vendors with the company's security policies and industry regulations.
  o Provide regular updates and reports to senior management on the status of third-party security risks and compliance.
  o Stay current on changes in security regulations and standards and ensure third-party compliance with evolving legal and regulatory requirements.
* Security audits and documentation:
  o Manage and perform security assessments of third-party vendors and suppliers to validate their security posture and controls.
  o Maintain comprehensive records of risk assessments, vendor assessments, audit findings, and corrective actions taken.
* Continuous improvement:
  o Develop and refine third-party risk management processes, tools, and templates to streamline assessments and improve efficiency.
  o Stay informed on emerging security threats and trends to proactively address new risks posed by third-party vendors.
* Training and awareness:
  o Educate internal teams on third-party risk management best practices and ensure alignment with overall security objectives.
  o Provide guidance and support to vendors as needed to improve their security posture.

Qualifications:

1. Education:
   * Bachelor's degree in information security, information technology, business administration, or a related field. A master's degree is a plus.
2. Experience:
   * 4+ years of experience in information security, with a focus on third-party risk management, vendor risk assessments, or related fields.
   * Demonstrated experience in assessing and managing third-party security risks and compliance requirements.
   * Familiarity with industry standards and frameworks such as ISO 27001, NIST, SOC 2, GDPR, and HIPAA.
3. Certifications:
   * Certifications such as CISSP, CISM, CISA, CRISC, or similar security-focused certifications are strongly preferred.
* Skills:
  o Strong analytical skills with the ability to assess complex security risks and develop risk mitigation strategies.
  o Excellent communication skills, with the ability to work effectively with both technical and non-technical stakeholders.
  o Proficiency in using risk management tools, frameworks, and security assessment methodologies.
  o Strong attention to detail and the ability to prioritize tasks effectively.
  o Ability to influence and collaborate with external vendors to implement security best practices.

Preferred qualifications:

* Experience in managing third-party risks in regulated industries (e.g., healthcare, finance, or government).
* Familiarity with third-party risk management platforms and tools.
* Strong project management skills and the ability to handle multiple vendor assessments simultaneously.

Disclaimer: The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.

Why Avantor?

Dare to go further in your career. Join our global team of 14,000+ associates whose passion for discovery and determination to overcome challenges relentlessly advances life-changing science. The work we do changes people's lives for the better. It brings new patient treatments and therapies to market, giving a cancer survivor the chance to walk his daughter down the aisle. It enables medical devices that help a little boy hear his mom's voice for the first time. Outcomes such as these create unlimited opportunities for you to contribute your talents, learn new skills and grow your career at Avantor. We are committed to helping you on this journey through our diverse, equitable and inclusive culture which includes learning experiences to support your career growth and success. At Avantor, dare to go further and see how the impact of your contributions set science in motion to create a better world.

EEO statement:

We are an equal employment/affirmative action employer and VEVRAA federal contractor. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected veteran status, or any other characteristic protected by federal, state/province, or local law.

If you need a reasonable accommodation for any part of the employment process, please contact us by email at recruiting@avantorsciences.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

For more information about equal employment opportunity protections, please view the Know Your Rights poster.

