The Senior Manager, Third Party Risk and Compliance Solutions provides expert third party risk management leadership and implements risk management solutions across the QTS enterprise. This role will implement an effective third-party risk management program to include leading a team of third-party risk analysts. The role will be responsible for implementation of policies, as well as a comprehensive controls framework with enterprise-wide Third-Party Risk Management.
The Senior Manager is a subject matter expert across corporate third-party services and dependencies and will provide consultative insight and risk reduction recommendations to business units relying on third parties in their operations. Additionally, this role will support the company’s overall IT and security governance, risk management and compliance program with third-party vendors.
This role consults and provides input to the comprehensive list of organization third-party providers, applications, and services from the time of onboarding through termination. In addition, this role will ensure the company’s technical systems, data, intellectual property, and information assets are protected.
RESPONSIBILITIES (other duties may be assigned)
As part of the risk management process, work in tandem with the security and business teams to evaluate third-party vendors, applications, and services used organization wide.
Support and articulate the vision, mission and strategy of risk management and how it relates to third-party suppliers and vendors.
Highlight strengths and areas for improvement related to organizational security posture, and risk management treatment, tolerance, and acceptance program.
Formulate third-party processes, policies, and documentation, with emphasis on privacy, data handling, security, business resiliency and compliance framework requirements.
Understand and balance business risk with the need to ensure controls do not weaken efficiencies or business innovation.
Obtain third party documents and assist in documentation of remediation action plans as directed; and monitor action plans through resolution.
Perform due diligence assessments of potential third-party vendors to evaluate their risk profile, including their security controls, compliance with regulatory requirements, financial stability, and overall reliability.
Monitor and evaluate the ongoing performance of third-party vendors to ensure compliance with contractual agreements, industry standards, and regulatory requirements.
Maintain a strategy for managing security-related third-party assessments, including compliance checks and external assessment processes for risk management.
Oversee vendor SLAs, recovery point objectives and recovery time objectives.
Document each third party’s use of cybersecurity insurance and adherence to breach notification requirements, as well as their third-party audit results and attestations.
Evaluate third party maturity using ISO, the Cybersecurity Maturity Model Certification, NIST, GDPR and others.
Gauge third parties against their processes and use of threat intelligence and technologies defending against ransomware, denial of service, application vulnerabilities and other emerging threats.
Ensure required risk management activities and control weaknesses are identified prior to contract execution with third party provider, or appropriate risk acceptance is documented and approved.
Support the development of third-party scorecards, along with monitoring results, metric reporting, and preparing and presenting reports to senior management.
Build strong and inclusive working relationships, in person and virtually, with business partners and colleagues.
Remain highly focused on principles aligning with operational and enterprise risk management fundamentals within security and technology teams.
Function as a liaison with internal and external auditors to manage controls for compliance and privacy laws.
BASIC QUALIFICATIONS
Bachelor’s degree in Information Systems, Information Technology, Computer Science, Risk Management, or professional equivalency.
Seven or more years’ professional experience related to third-party management, vendor risk management, cyber risk management and/or procurement.
Five or more years’ experience leading teams to drive strategic objectives.
One or more relevant professional certifications, such as ISO 27001, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Regulatory Vendor Program Manager (CRVPM), Certified Third-Party Risk Professional (CTPRP), or Certified in Risk and Information Systems Control (CRISC).
PREFERRED QUALIFICATIONS
Master’s degree in a related field.
A thorough understanding of network- and system-based attack vectors.
Knowledge of the Managed Services Provider industry.
Working knowledge of various compliance regulations and IT/security frameworks and standards (e.g., PCI DSS, HIPAA, FedRAMP, FFIEC, FINRA, ISO 20000, ISO 27000, ITIL v3, NIST, SAS 70).
KNOWLEDGE, SKILLS, AND ABILITIES
Deep understanding of information and cyber security and risk framework standards.
Knowledge of risks related to IT application development and infrastructure maintenance, IT security, business continuity and disaster recovery, emerging technology platforms (e.g., AI), and cloud services.
Competencies in vulnerability management, threat intelligence, insider threats and attacker tactics, techniques, and procedures (TTPs).
Knowledge and experience with laws, regulations, guidelines, and frameworks that mandate information security and information risk management requirements, such as NIST, ISO 27001, HITRUST, PCI DSS, SOC 2 and CMMC.
Excellent written and oral communication skills with experience writing policy and procedural documentation.
Experience using GRC technologies, risk management and reporting tools, along with Microsoft software applications.
Initiative-taking, collaborative individual with excellent oral and written communication skills.
Strong people skills to build/maintain ongoing business relationships with team members, vendors, and clients at all levels of an organization.
A capacity to thrive in a dynamic environment where daily priorities can change frequently.
Critical thinking.
Determination and persistence to resolve sensitive cybersecurity events and incidents.
Ability to manage time efficiently.
We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action. We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.
The "Know Your Rights" Poster is included here:
Know Your Rights (English) (http://www.eeoc.gov/sites/default/files/2022-10/22-088_EEOC_KnowYourRights_10_20.pdf)
Know Your Rights (Spanish)
The pay transparency policy is available here:
Pay Transparency Nondiscrimination Poster-Formatted (https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_%20English_formattedESQA508c.pdf)
QTS is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to [email protected] and let us know the nature of your request and your contact information.
QTS Data Centers was built around the Core Values of Integrity, Character, and Trust. We prioritize family, faith and community involvement while leading with strong, honorable, and principled behavior. We started this journey in 2003 when our CEO, Chad Williams, purchased his first data center in Overland Park, KS. Humble beginnings that have led to 35+ data centers and growing. Recently privatized in a $10 billion transaction with Blackstone, one of the most notable real estate investments companies in the world, QTS is positioned to execute on a global expansion initiative and we are looking for the best and brightest to join our team.
At QTS, we’re fearlessly leading the way by redefining what it means to be a data center provider. QTS is entrusted with providing world-class data center solutions to enterprises, government agencies as well as the largest and fastest growing technology companies in the world. We deliver a fully-integrated platform from top to bottom – one enabled by technology and world-class infrastructure. Simply put, we’re innovating to stay ahead of the curve.
We are powered by people.
And we’d like to invite you to join us.
In addition to a variety of benefit packages, QTS goes above and beyond for our employees:
Roth and Traditional 401(k) matching contributions with immediate vesting
Every employee is bonus or commission eligible
Generous PTO Accrual plus additional Paid Volunteer Days
Paid Holidays Annually/Holiday compensation when worked
Pet and Legal Insurance
Q-Rest Sabbatical Program
Q-Anniversary Service Award Program
Parental Leave for primary and secondary caregivers
Military Benefits Package
QTS Charitable Matching Gift Program
QTS Scholarship for Employee Dependents
QTS Crisis Fund
Wellness Program
Tuition Reimbursement Program