It Security Program Manager - Third Party Cyber Security Risk
CurrentDesigned and implemented a comprehensive, global Third-Party Cybersecurity Risk Management (TPCRM) program from inception. Key responsibilities and achievements included:Conducted extensive risk assessments to identify potential cybersecurity threats with third-party vendors, utilizing frameworks such as NIST CSF v1.1, ISO 27001, and more. Developed and documented detailed policies, procedures, and standards for third-party cybersecurity risk management, including guidelines for vendor selection, onboarding, and continuous monitoring.Leading collaboration with IT, legal, procurement, and compliance teams to align the TPCRM program with organizational goals and regulatory requirements. Implemented a vendor risk assessment tool to streamline evaluation and enable continuous monitoring. Integrated the tool with existing systems to automate workflows and improve efficiency.Developed and delivered training programs to educate employees and third-party vendors on cybersecurity best practices and compliance requirements. Created engaging materials such as e-learning modules, webinars, and workshops. Established a continuous monitoring framework to track third-party cybersecurity practices and identify emerging risks. Developed and implemented a comprehensive cyber incident management process involving cross-functional stakeholders. Managed the cyber incidents triage process and ensured timely follow-up on business impact. Conducted post-incident reviews and root-cause analyses.Ensured adherence to NIST CSF v1.1, achieving a score of 3.9 in 2023. Reduced third-party cybersecurity risks, enhancing security posture and achieving compliance with regulations (e.g. GDPR, SOX, etc). Fostered a culture of cybersecurity awareness and proactive risk management. Improved the organization’s ability to respond to and recover from cyber incidents, minimizing business impact and ensuring continuity of operations.