Senior Analyst, TPRM
Aptiv
Boston, MA
Position Description
Aptiv is enhancing its TPRM program in the Risk, Compliance and Resilience organization. The goal of the program is to regularly assess, monitor, and manage the risk associated with third parties who possess or access Aptiv’s information systems and data. The TPRM Analyst will work under the direction of the TPRM Manager to execute the operational processes and tasks within Aptiv’s TPRM program. Day to day activities include managing security risk assessments and obtaining necessary data from third parties to assess their security posture.
Key Job Responsibilities
- Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility.
- Request and review questionnaires completed by the third party describing its environment and controls.
- Review third-party due diligence documentation, including audit reports, certifications, whitepapers, policies and procedures, and other documentation.
- Participate in contract reviews, redlining, and negotiations with third parties for contractual information security requirements and provisions (buy-side and sell-side).
- Maintain and enhance the administration of issue monitoring and exception tracking and, where necessary, facilitate remediation actions to improve overall third-party performance to meet business needs.
- Collaborate with Aptiv Sourcing organizations and the other Risk organizations, such as Compliance and Privacy, in supporting the program.
- Work in a self-directed, collaborative, and constructive manner with the business units and our internal stakeholders to enhance the effectiveness of TPRM processes and controls.
- Build effective relationships with stakeholders who own and support key third party relationships. Gain commitment from stakeholders to help manage and improve the risk posture of these third parties.
- Monitor and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for appropriate escalation to stakeholders.
- Coordinate the vendor risk management program, including administration of vendor risk management tools, and management of workflows for vendor risk assessments.
- Ensure the vendor procedures are updated and satisfy regulatory, best practice, and industry requirements.
- Identify areas of improvement in the vendor and contract risk management program.
- Respond to client, partner, and federal security inquiries such as RFPs, RFIs, security questionnaires, ad hoc questions, and contract language for cybersecurity compliance.
Qualifications
- Certification from an accredited security organization aligned to the position (CISSP, CRISC, CISA, or CISM) preferred.
- 5+ years of working experience in information security and/or IT Risk Management.
- 3+ years of third-party cybersecurity risk management experience.
- Highly motivated individual with experience in designing and implementing risk assessment processes.
- Flexible and able to work on multiple projects under tight deadlines.
- Familiar with compliance regulations and with IT, security, and cloud frameworks and standards (e.g. NIST SP 800-53, NIST CSF, ISO/IEC 27002, TISAX, CSA CCM).
- Experience solving complex, systemic issues that require creative thinking and solutions.
- Demonstrated knowledge of vendor cyber risk management and the best practices of a cyber security program.
- Technically proficient in the collection of artifacts, processing and review of documentation, and assessment of risk.
- Strong project and time management skills.
- Strong leadership skills to drive adoption of the vendor cyber risk management program.
Nice to have:
- Bachelor’s Degree in Computer Science or a related field with a specialization in information security
Privacy Notice - Active Candidates: https://www.aptiv.com/privacy-notice-active-candidates
Aptiv is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability status, protected veteran status or any other characteristic protected by law.