Third Party Risk Assessor

in Rockville, MD

Job #:265609

Practice Area: Not Yet Classified

Date Posted: 05/15/2018

Job Title:  Third Party Risk Assessment Analyst

Location:  Rockville, MD

Industry:  Financial/ IT

Terms:  Contract / Contract-to-Hire


Job Summary:

  • Member of the Cyber & Information Security team with responsibility for supporting the design, implementation, and maintenance of a consistent Third Party Vendor Risk Management program. Perform risk based assessments which document the key risk areas for each third party vendor. Work with internal stakeholders and external vendors to develop remediation plans and track resolution status.

Job Responsibilities:

  • Provide guidance to all stakeholders to ensure requirements of the VRM are fully understood
  • Partner with internal stakeholders to identify vendors and ensure the Enterprise vendor inventory is kept up to date and appropriately categorized according to risk
  • Lead assessments of vendor risks, develop mitigating plans and partner with internal stakeholders to ensure resolution of issues identified
  • Familiarity with industry compliance standards, e.g. SOC1/SOC2, Vulnerability Scans, ISO 27001, etc. Able to review and identify potential risks
  • Able to understand details of vendor’s cyber security program and identify where gaps exist with internal company policy requirements
  • Identify and evaluate potential vendor related issues and follow up with internal stakeholders and external vendor to develop remediation plan for unresolved issues
  • Able to triage and prioritize risk based on impact and likelihood
  • Produce risk assessment reports and work with vendors to implement remediation responses
  • Work with Legal team to identify required contract security provisions to remediate risks identified in vendor assessment
  • Experience with industry-recognized Governance, Risk and Compliance (GRC) applications
  • Experience with the Shared Assessments methodology, including use of their Standardized Information Gathering (SIG) questionnaire
  • Highly refined and professional verbal and written communications
  • Able to develop effective relationships with all levels of internal and external stakeholders
  • Ability to work in partnership with Legal, Purchasing, Data Privacy, Internal Audit and other teams


Job Requirements:

  • CTPRP/CISSP/CISM/CRISC certification or equivalent highly desired
  • Experience in Information Technology and Cyber Security highly desired
  • Bachelor’s Degree (preferably in Information Technology or Cyber Security) or equivalent work experience
  • US citizen preferred



Frequently Asked Questions:

  • Benefits?  Yes, provided by ettain group
  • Remote Workers?  Not eligible, must work onsite with the team
  • Visa Sponsorship?  Not offered
  • Corp-to-Corp?  Not eligible

How to Apply:

For immediate attention please apply online.

ettain group is a talent solutions company dedicated to matching people with the most relevant employment opportunities in IT, healthcare IT and the digital creative space. Top employers and highly skilled talent throughout the U.S. select ettain group for a better recruitment experience. Our culture empowers teams with the flexibility to deliver a superior candidate experience and client experience using market intelligence. We recruit resources, own projects and manage programs to offer a wide range of IT development and talent solutions to our clients and candidates. To learn more about ettain group visit To explore more job opportunities with ettain group, visit