Sr. Third-Party Security Risk Analyst

Overview

Use your customer service abilities, process management skills, knowledge of cyber and organizational security, along with an aptitude for legal implications of security terms to support the Third-Party Security Risk Management teams mission to respond to security assessments and policy reviews that clearly convey Esris positions on all aspects of security and satisfy the requirements of our customers.

You will be responsible for the accurate completion and timely delivery of customer security assessments, as well as policy and contractual security requirement reviews, working in collaboration with SMEs to ensure relevance and accuracy of all submitted security documentation, facilitating internal flow of project inputs, and managing production and submission of final product.

Being successful in this position requires superior analytical and organizational skills, attention to detail, excellent collaboration and communication skills, discipline for accuracy, confidence, discretion, good professional judgment, and personal initiative.

Depending on experience, you may also consult with account management staff and security team members on the organizations security posture and capabilities pertaining to sales opportunities and account strategies.

Responsibilities

• Use process management skills to help Esri develop a vendor risk management program capable of handling large scale risk review of its vendor ecosystem
• Collaborate with security SMEs, legal staff, and Global Business Development staff within Esri to operate and improve systems and procedures for Esris customer trust program
• Work with legal and contracts teams to address security requirements from our customers and to ensure our vendors are complying with Esri security requirements
• Establish workflows, process materials, and support legal teams with security term reviews and security-focused negotiation support when needed
• Receive, prioritize, and manage customer security requests (assessments, questionnaires, policy reviews, pen testing, documentation, contract terms review) and advise on course of action
• Perform a variety of support and general administrative assignments in support of the audits or auditors, including filing, data entry, and tracking / correspondence while following established standards and work processes
• Communicate between the business, technology and information security areas to validate questionnaire responses and for general requests associated with controls defined in standards and governing policies and procedures
• Review submitted questionnaires / policies and advise requestor on course of action
• Advise Esri staff on security and privacy requirements, with guidance from SMEs as needed, and maintain security knowledge base
• Act as a resource and facilitate responses to general audit inquiries associated with clients and compliance audits
• Successfully set priorities, perform tasks in an orderly fashion, and meet time deadlines

Requirements

• 5+ years of professional experience including general IT / Business responsibilities, customer / third-party interactions, Third-Party Risk Management (TPRM), IT Security and contracts / legal
• Bachelors in security, computer science, business, project management, or related field
• Proven experience providing exceptional customer service
• Aptitude for legal implications of security-focused contract terms
• Demonstrated experience developing or being a part of customer facing programs and / or cross functional business programs
• Strong ability to coordinate with technology team members for follow-up of implemented controls and support the collection and validation of evidence as part of the risk remediation process
• Experience influencing without authority, dealing with ambiguity, and balancing competing goals and objectives
• Understand business / IT security and risk management controls to include experience with governance risk and compliance (GRC) tools or processes
• Clear communication, strong collaboration, and finely tuned writing / editing skills

Recommended Qualifications

• Security + or equivalent security certification(s)
• Exposure to Esri technology, Esri project methodologies, and security topics
• Experience in supporting the completion of security or compliance reviews, third-party or customer questionnaires. and familiarity with Policy / Standard reviews
• Project management experience
• Demonstrated success with business relations in a service-oriented business environment
• Proficient with Salesforce, content management, or third-party questionnaire software such as Loopio
• Familiarity with third-party risk management platforms, such as CyberGRX
• SANS or equivalent security certification(s)

LI-NR5

LI-Hybrid

Total Rewards

Esris competitive total rewards strategy includes industry-leading health and welfare benefits : medical, dental, vision, basic and supplemental life insurance for employees (and their families), (k) and profit-sharing programs, minimum accrual of 80 hours of vacation leave, twelve paid holidays throughout the calendar year, and opportunities for personal and professional growth.

Base salary is one component of our total rewards strategy. Compensation decisions and the base range for this role take into account many factors including but not limited to skill sets;

experience and training; licensure and certifications; and other business and organizational needs.

A reasonable estimate of the base salary range is$87,-$, USD

About Esri

At Esri, diversity is more than just a word on a map. When employees of different experiences, perspectives, backgrounds, and cultures come together, we are more innovative and ultimately a better place to work.

We believe in having a diverse workforce that is unified under our mission of creating positive global change. We understand that diversity, equity, and inclusion is not a destination but an ongoing process.

We are committed to the continuation of learning, growing, and changing our workplace so every employee can contribute to their lifes best work.

Our commitment to these principles extends to the global communities we serve by creating positive change with GIS technology.

For more information on Esris Racial Equity and Social Justice initiatives, please visit our website .

If you dont meet all of the preferred qualifications for this position, we encourage you to still apply!

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

If you need reasonable accommodation for any part of the employment process, please email and let us know the nature of your request and your contact information.

Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.

Esri takes our responsibility to protect your privacy seriously. We are committed to respecting your privacy by providing transparency in how we acquire and use your information, giving you control of your information and preferences, and holding ourselves to the highest national and international standards, including CCPA and GDPR compliance.