One of our clients is looking for a Security Contracts/Regulations & Third-Party Security Specialist to support their enterprise Cybersecurity Governance, Risk & Compliance team.
Role: Security Specialist (Vendor, Compliance, GRC) - w2 only
- Duration: Six months
- Location: Remote
-
Key Responsibilities:
- Security Contracts: Analyze third-party modifications to the Data Security Addendum (DSA), propose alternative language, and negotiate terms alongside GIS leadership and legal teams.
- Security Regulations: Research and map international cybersecurity regulations to corporate policies; identify misalignments and monitor the global threat landscape.
- Third-Party Security: Conduct vendor security assessments, identify non-compliance issues, and engage vendor leadership to negotiate risk resolutions.
Core Requirements:
- 7+ years of experience in security contract negotiations and third-party assessments within large global financial organizations.
- Deep knowledge of NIST CSF, ISO 27001, FFIEC, and SEC Regulation S-P.
- Expertise using Standard Information Gathering Questionnaires (SIG) and evaluating SOC reports.
- Experience with eGRC platforms such as MetricStream, RSA Archer, or OneTrust.
- Bachelor’s degree in a technical field; CISSP, CISA, CISM, or CRISC certifications are preferred.
- Exceptional executive presence and the ability to communicate complex security topics to senior leadership.