Project Manager

The IS Third Party Governance Lead effort is within company Information Security organization and will be responsible for the execution of companies third party governance and risk management program. The successful candidate will be responsible for building the program based on existing framework, managing and maintaining the program which will support company business efforts that pursue compliant third party solutions and services that will minimize risk at the direction of the company Information Security Risk Manager . The candidate must have strong skills in project management in conducting operational, process, and technical reviews, as well as awareness on privacy requirement for the US and Canada in order to perform privacy assessments. The candidate must also have the ability to communicate well, and be able to work in cross functional teams to coordinate risk, compliance, and regulatory management. This role requires someone to be highly tactical in their efforts. 

This position will provide overall project management and support to the IS, Legal, and Procurement and will assist with the development, implementation and on-going support of the corporate third party governance and risk framework, providing structured processes, tools, and assistance to business areas to capture, identify, evaluate, respond to, and report on vendor risk issues. Provide leadership to integrate security technology, operations and risk management. The Lead will additionally create and maintain an enterprise vendor pre-approval list and risk "heat map." 

Specifically, the Third Party Governance Lead will be expected to: 

• Maintains knowledge currency of security and related risk based areas and methods 

• Creates and executes risk and privacy review/consulting assessments 

• Assists in the development of team metrics, analyzes data, and takes appropriate action 

• Develop a global vendor threat, risk, vulnerability and risk remediation assurance and management program to identify, track, and remediate vendor security risks and vulnerabilities across the enterprise 

• Partners and collaborates with business and technology groups to deliver value through security review, assessment and consulting services 

• Interfaces with IS technology and Procurement, Legal, business areas 

• Reviews any exceptions to contract terms to determine a recommendation on acceptance or rejection 

Desired Qualifications 

• Certifications such as PMP, CISSP, CIPP, CRISC, CISM, CRCMP, CISA with 5-8 years of applicable experience in the Risk, Compliance or Audit field. The candidates should more than likely have at least 2 of the listed certifications. 

• Bachelor degree or equivalent work experience 

• Five to Six years of IS security experience including technology-related auditing, consulting, and privacy. 

• Subject matter expert level knowledge of both the business and technical aspects of security, including third party security risks (all types of vendors). 

• Strong broad-based technical background 

• High level of business acumen, preferably in CPG industry 

• Experience in a governance organization 

• Strong risk-based analysis and decision making skills 

• Ability to understand and analyze complex business processes and technologies to make sound recommendations 

• Project management experience 

• Ability to multitask and manage competing priorities 

• Process management, time management and organizational skills 

• Excellent interpersonal, customer service and relationship management skills 

• Excellent facilitation, negotiation and conflict management skills 

• Proven ability to effectively handle challenging clients and difficult political situations 

• Excellent written and verbal communication skills 

• Ability to create and implement new processes and procedures 

• Proficient use of personal computers and MS Office Suite 

• Ability to travel up to 10% (may need a passport) 

All your information will be kept confidential according to EEO guidelines.