Experienced Full Stack Cybersecurity GRC Professional – Remote Third-Party Risk Management and Compliance Specialist at arenaflex

Introduction to arenaflex

arenaflex is a leading organization in the cybersecurity industry, dedicated to protecting its assets and ensuring the security of its operations. As a pioneer in the field, arenaflex is committed to staying ahead of the curve, leveraging cutting-edge technology and innovative solutions to mitigate risks and threats. With a strong focus on governance, risk, and compliance (GRC), arenaflex is seeking an experienced cybersecurity professional to join its team as a Third-Party Risk Management and Compliance Specialist.

Job Overview

The successful candidate will be responsible for guiding GRC-related activities, ensuring the clean execution of various tasks, and assisting in the management of internal security compliance requirements and implementation of regulations, tactics, and frameworks. This is an exciting opportunity to contribute to the cybersecurity efforts of arenaflex from the comfort of your own home, working remotely in a part-time or full-time capacity.

About the Team

The cybersecurity team at arenaflex consists of experienced professionals who formulate and implement techniques and recommendations to help the organization align with its business goals while managing risks effectively and meeting industry guidelines and standards. The team works on cutting-edge technology and innovations in the area of cybersecurity to ensure the security and integrity of arenaflex's operations.

Reporting Structure

The successful candidate will report to the Manager (Governance, Threat, and Compliance), Cyber and Statistics Safety, and will be responsible for collaborating with various stakeholders to ensure the effective management of third-party risk and compliance.

Key Responsibilities

• Third-Party Risk Management (TPRM) software management and maintenance
• Assisting in the development and implementation of arenaflex's global third-party/internal risk method for conducting cyber risk-related due diligence exams
• Validating incoming third-party/internal risk assessment requests and operating with business stakeholders to confirm the details of the request and the scope of the engagement
• Conducting kick-off sessions with business stakeholders and related third-parties for conducting the TPA
• Coordinating the distribution of due diligence questionnaires to internal stakeholders/third-parties, reviewing submitted questionnaires for completeness, and identifying risks arising from the current design and operational effectiveness of the internal/third-party's security controls
• Filing responses, associated findings, and remediation plans in arenaflex's systems
• Drafting/reviewing reports for the checks performed and ensuring respective business stakeholders finalize reviews
• Acting as a strong liaison to ensure any queries are responded to concerning the risk control technique and evaluation to the business or third-parties as required
• Carrying out continuous monitoring of third-parties via arenaflex's systems for current/new findings and tracking any findings to closure
• Identifying opportunities for improvement within arenaflex's systems and strategies
• Working closely with the Risk Lead/Supervisor to schedule and execute a range of different supporting activities related to the risk management program

Governance, Risk, and Compliance

• Leading and assisting in the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with arenaflex's risk appetite
• Maintaining and documenting compliance towards information security-related guidelines and processes through planning, testing, remediating, monitoring, and reporting on control reviews and risk assessments
• Leading the development and delivery of compliance and risk education and ongoing communications that support a culture of security and compliance
• Staying abreast of regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas
• Leading the efforts to maintain and guide ISO 27001 certification

Competencies and Attributes for Success

The successful candidate will possess a strong understanding of information security-related best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and others. They will have experience in the management of risk, controls, and compliance, as well as expertise in risk evaluation methodologies (qualitative/quantitative). The candidate will also have excellent stakeholder management, analytical, and problem-solving skills, with the ability to navigate rapid-paced environments and be flexible with working hours.

Personal Attributes

• Strong interpersonal skills
• Ability to communicate effectively, both verbally and in writing
• Adaptability to changing conditions and ability to drive high-quality change

Preferred Education and Experience

The ideal candidate will have a relevant Bachelor's/Master's degree from an accredited university or equivalent experience. They will have at least 4 years of experience in third-party risk management, information security, and audit & compliance tracking (minimum of 2-3 years in TPRM/internal audit). Preferred experience includes working with a large company and/or large four accounting firm, with one or more credentials such as CISA, CRISC, ISO27001 L.I, CISSP. Experience in AI/ML is a plus.

Career Growth Opportunities and Learning Benefits

At arenaflex, we are committed to the growth and development of our employees. As a Third-Party Risk Management and Compliance Specialist, you will have the opportunity to work with a talented team of professionals, develop your skills and expertise, and contribute to the success of our organization. You will also have access to ongoing training and development programs, as well as opportunities for career advancement and professional growth.

Work Environment and Company Culture

arenaflex is a dynamic and innovative organization that values its employees and is committed to creating a positive and supportive work environment. We believe in fostering a culture of collaboration, creativity, and continuous learning, and we are dedicated to helping our employees achieve their full potential. As a remote worker, you will be able to work from the comfort of your own home, with flexible working hours and a range of benefits and perks.

Compensation, Perks, and Benefits

arenaflex offers a competitive salary and benefits package, including a range of perks and benefits such as flexible working hours, remote work options, and ongoing training and development programs. We are committed to recognizing and rewarding the contributions of our employees, and we offer a range of incentives and benefits to support their well-being and career growth.

Conclusion

If you are a motivated and experienced cybersecurity professional looking for a new challenge, we encourage you to apply for this exciting opportunity to join arenaflex as a Third-Party Risk Management and Compliance Specialist. With a competitive salary, flexible working hours, and a range of benefits and perks, this is a unique chance to contribute to the success of our organization and develop your skills and expertise in a dynamic and innovative environment. Apply now to take the first step in your new career!

Apply Now