Third Party Risk Analyst
Estée Lauder Companies GmbH
Panamá, Panamá, PA
4 days ago

Grow your career with The Estée Lauder Companies!

The Estée Lauder Companies Inc. is one of the world's leading manufacturers and marketers of quality skin care, makeup, fragrance and hair care products. As the global leader in prestige beauty, we touch over half a billion consumers a year.

Our Company's products are sold in over 150 countries and territories under the following brand names: AERIN, Aramis, Aveda, Bobbi Brown, Bumble and bumble, By Kilian, Clinique, Darphin, Donna Karan, DKNY, Dr. Jart, Editions de Parfums Frédéric Malle, Ermenegildo Zegna, Estée Lauder, GLAMGLOW, Jo Malone London, Kiton, La Mer, Lab Series, Le Labo, MAC, Michael Kors, Origins, Prescriptives, Smashbox, Tom Ford, Tommy Hilfiger and Too Faced.

Infused throughout our organization is a passion for creativity and innovation; a desire to push the boundaries and invent the unexpected.

Position Overview: 

Member of the Enterprise Cybersecurity and Risk team with responsibility for execution of the TPRM (third-party risk management) program. Perform cyber risk-based assessments which document key risk areas for third-party vendors. Work with both internal Cybersecurity and Vendor points of contact to develop remediation plans and track resolution status.

Roles & Responsibilities: 


  • Partner with program leads to identify vendor due diligence requirements and ensure vendor inventory and status are kept up to date
  • Able to review vendor due diligence materials (e.g., SOC1/SOC2, Vulnerability Scan, ISO 27001) and identify potential risks
  • Familiarity with the difference between SaaS and COTS based applications and the unique risks of each
  • Awareness of emerging cyber threats including zero-day vulnerabilities and supply chain related risks
  • Able to understand details of vendor’s cyber security program and identify where gaps exist with internal company policy requirements
  • Ability to perform root cause analyses on issues identified and clearly articulate to a less technical user
  • Identify potential vendor related issues and follow up with internal stakeholders and external vendor to develop remediation plan for unresolved issues
  • Able to triage use cases and prioritize risk based on scope and impact
  • Produce risk assessment reports and work with vendors to implement remediation responses
  • Work with brands, procurement, supply chain, R&D and others to document specific use cases and third-party engagements
  • Work with program lead and legal/privacy team to identify required contract security provisions to remediate risks identified in vendor assessment
  • Experience with industry-recognized Cyber, Privacy, Governance, Risk and Compliance (GRC) applications
  • Experience with Shared Assessments methodology, including use of their Standardized Information Gathering (SIG) questionnaire
  • Professional verbal and written communications
  • Able to develop effective relationships with all levels of internal and external stakeholders


  • Experience in Information Technology and Cyber Security highly desired
  • Internal Audit related experience a plus
  • Skills: IT Audit, Risk Assessment, Cybersecurity, SOX compliance, GxP Compliance, SOC1, SOC2, ISO 27001 certification


Additional Requirements

  • Bachelor's Degree required
  • Minimum Years of Experience: 3 years
  • Excellent written and spoken English and Portuguese

Additional Details

  • Work shift: Monday to Friday. Business hours
  • Contract-type: Full-Time Permanent.
  • Location: Costa del Este, Panamá.