Focal Point Data Risk is a new type of risk management firm, one that delivers a unified approach to addressing data risk through a unique combination of service offerings. Focal Point has brought together industry-leading expertise in cyber security, identity governance and access management, data privacy and analytics, internal audit, and hands-on training services, giving companies everything they need to plan and develop effective risk and security programs. By integrating these services, we provide our clients with the flexible support they need to protect and leverage data across any part of their organization. Simply put, Focal Point is the next generation of risk management.
Our Privacy team has developed and implemented data privacy and information security programs for some of the nation’s largest and most complex organizations. Our clients represent industries in both the public and private sectors, including government agencies, domestic and global technology firms, global retail chains, financial services firms, and healthcare organizations. The Third Party and Vendor Risk Management Consultant is responsible for performing third-party due diligence vendor privacy and security reviews and assessments. He/she will be given the opportunity to work on a broad variety of solutions for our clients, such as designing and implementing third party and vendor governance and risk management programs.
He/she works on-site and off-site to evaluate client third party and vendor compliance with common industry standards and regulations. The Third Party and Vendor Risk Management Consultant must have working knowledge of information security controls, frameworks and standards, and federal and state privacy rules and regulations. He/she assists with drafting deliverables, frequently interacts with client personnel, and is expected to be an active participant in client-focused project teams.
- Focus on third-party due diligence responses as well as third-party due diligence vendor privacy and security reviews and assessments.
- Perform the due diligence process, including customizing third party and vendor risk management questionnaires, following up on and validating responses with third parties and vendors, and performing the assessments on assigned third parties.
- Collaborate with clients to help them effectively manage their risks by identifying potential risks in business processes, applications, and systems associated with third party engagements.
- Conducts project-related privacy and security risk assessments and privacy and security audits.
- Interacts effectively with co-workers and clients at all levels, so as to foster and maintain strong working relationships.
- Performs other duties as assigned by management.
- 2+ years working in a consulting role as a Data Privacy or Third Party and Vendor Risk Management consultant or related field experience (e.g. IT Audit)
- Experience with third party/vendor risk management assessments.
- Experience interpreting international, federal and state privacy regulations.
- Experience working with technical and security controls and operational risk tolerance.
- Experience performing privacy and/or security gap assessments.
- Knowledge of the international, federal and state rules, regulations, and guidance related to security and privacy including but not limited to ISO, HIPAA, GLBA, GDPR, and NIST
- Intermediate to Advanced Microsoft Office Suite (i.e., Word, Excel, PowerPoint).
- A Bachelor's Degree in information systems, computer science or a related field.
- Obtained or working towards Certified Information Privacy Professional (CIPP) certification
- Obtained or working towards Certified Information Systems Auditor (CISA) certification
Travel Required: Regional and international travel, as needed, up to 35%
Benefits: Medical, Dental, Vision, 401K, generous PTO and some other great perks!
Application Submission Information: