[Hiring] IT - Third Party Risk Manager I @Cincinnati Financial

Role Description

Our Vendor Management Office department is currently seeking a Third Party Risk Manager.

Be ready to:

• Conduct information security risk assessments of vendors and vendor software, based on company standards and risk appetite, leveraging demonstrated working knowledge of industry security practices.
• Make information security risk recommendations on behalf of the company, within limits approved by management.
• Review project documentation, system design documents, vendor security policies and other vendor security references (i.e. SOC II type 2, SIG, AUP, PCI ROC, TPRM monitoring reports, etc.) to determine the extent, type, and scope of risks of the vendor relationship.
• Provide security-related recommendations and communicate the need for the changes to business, IT and other stakeholders.
• Coordinate with IT architects, project teams and vendors to bring system designs into alignment with company security standards.
• Follow procedures to establish company records for the risk management process.
• Modify vendor risk procedures and other tools to support continuous improvement of the vendor risk management program.
• Support IT management relative to vendor product ownership responsibility, product license needs, license and support renewal process.
• Follow vendor governance policies and procedures that drive the behaviors of those individuals/organizations.
• Inform IT and business unit stakeholders on vendor management practices.
• Work with business partners and other IT service areas in the requirement gathering process.
• Manage vendor relationships including negotiation, license/cost analysis, audit support and coordination, product renewals, and performance monitoring.

Qualifications

• Demonstrate an understanding of fundamental aspects of information security (i.e. data classification, inventories, technical/ procedural/ physical control categories).
• Demonstrate an understanding of information security standards and regulations (e.g., ISO 27001/27002, NIST, FFIEC, etc.), and commonly used concepts, practices and procedures within the information security and privacy fields.
• Demonstrate an understanding of the fundamentals of vendor relationship management (i.e. stakeholder management, communication, problem solving and organizational skills, relationship building).

Requirements

• A bachelor’s degree or technical institute training or any combination of education and experience that would provide an equivalent background.

Benefits

Your commitment to providing strong service, sharing best practices and creating solutions that impact lives is appreciated. To increase the well-being and satisfaction of our associates, we offer a variety of benefits and amenities. Learn more about our benefits and amenities packages.

Many departments at our Headquarters in Fairfield, Ohio, offer hybrid work options, empowering associates to work from home several days a week. Depending on your role and responsibilities, hybrid options may be available.

Company Description

As a relationship-based organization, we welcome and value a diverse workforce. We grant equal employment opportunity to all qualified persons without regard to race; creed; color; sex, including sexual orientation; religion; national origin; age; disability; or any other basis prohibited by law.