Senior Third-Party Cyber Risk Specialist

Company: Cboe
Location: Chicago, IL, USA; Lenexa, KS, USA
Salary: $102000 – $126000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Bachelor’s Degree or equivalent work experience in a relevant field.
  • Minimum three years’ experience in third-party risk management, vendor management, security incident response, cyber risk management or comparable field required.
  • Strong understanding of cybersecurity principles, including application security, access control, and incident response.
  • Knowledge of compliance and regulatory frameworks (e.g., NIST, SOC 2, GDPR, ISO 27001).
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
  • Ability to work independently and manage multiple assignments/projects simultaneously.
  • Experience conducting vendor risk assessments.

Responsibilities

  • Manage incoming client requests (such as assessments, questionnaires, etc.), prioritize and triage requests to appropriate teams, and validate non-disclosure agreements.
  • Facilitate communication between business, legal, technology, and information security teams to validate questionnaire responses and fulfill general requests related to controls defined by Cboe’s standards and policies.
  • Serve as a point of contact for internal stakeholders for client due diligence inquiries, ensuring timely and accurate responses.
  • Function as the subject matter expert for the response management software used for managing and responding precisely and quickly to client due diligence questionnaires.
  • Manage and maintain a standardized library of responses for client due diligence questionnaires, ensuring accuracy and consistency.
  • Collaborate with internal experts to update and refine responses as needed.
  • Assist team with onboarding new vendor relationships.
  • Collect, review, and process information and documentation from third party vendors/suppliers.
  • Conduct third-party risk assessments and due diligence reviews. Analyze security information to identify significant control or security gaps and report findings to senior team members.
  • Perform comprehensive security reviews of potential and existing third-party vendors using questionnaires and security tools to evaluate their cybersecurity controls and identify potential risks.
  • Analyze identified risks from third parties and prioritize them based on their potential impact and likelihood of occurrence; create remediation plans accordingly.
  • Continuously monitor third-party vendors’ security posture through regular assessments, vulnerability scans, and incident reporting to maintain a consistent level of security.
  • Coordinate with internal security team to respond to cyber incidents involving third-party vendors, providing necessary support for investigation and remediation.
  • Assist with regulatory exams by obtaining documentation and drafting responses to regulator inquiries.
  • Perform additional activities as needed.

Preferred Qualifications

  • Experience with third party/vendor risk management platforms a plus.