About the Role
Manage the operational vendor risk management team for vendor onboarding, due diligence, and ongoing monitoring.
Mature Lumen’s risk culture by leading vendor risk discussions and decisions with stakeholders.
Manage vendor management lifecycle including vendor risk reporting and oversight of assessed vendors.
Manage vendor communication to conduct vendor risk assessments and ensure timely completion of vendor questionnaires.
Support the operations for the vendor risk management automation platform, including development of new builds to enhance vendor risk assessment process.
Timely reporting and escalation of third-party issues and remediation actions associated with control gaps for closure.
Manage coordination across multiple vendors, business risk owners, and risk review teams.
Advise on the vendor risk treatment plan to reduce risk to the organization.
Support reporting requirements and audit exams, prepare reports for the senior leadership team, and develop metrics to assess and report on vendor risk.
Execute on strategic roadmap to enhance third-party onboarding and inherent and residual risk measurement process, vendor segmentation, and alignment to risk policy and procedures.
Requirements
- Proven experience leading and developing high-performing teams; ability to influence and drive organizational change.
- Direct experience working in a third-party risk management team; experience in the financial or telecom industry, or other highly regulated industries, preferred.
- Experience and deep understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine, evaluate, and report on related vendor risk assessments.
- Understanding of standard contract structure and terms; experience working with audit and testing on assessment exams is a plus.
- Experience in evaluating, developing, and implementing vendor risk assessment and mitigation solutions.
- Demonstrated capability to understand and negotiate legal contractual language and effectively communicate with legal attorneys, business sponsors and sourcing teams.
- Experience creating and utilizing KPIs and KRIs; experience with dashboards and data visualization tools.
- Experience with daily IT operations and best practice frameworks (ISO 27001/2, CIS Critical Controls, NIST 800-73, etc.) in one or more areas, such as system administration, networking, and information security.
- An understanding of various data protection laws (e.g. GLBA, GDPR, CCPA, etc.).
- Strong relationship building experience, both internally with business and technology leaders, information security teams, and legal teams, and externally with service providers and business partners.
- Excellent communication skills, including presentation, written, and verbal; demonstrated business acumen; results-oriented with a proven ability to meet deadlines.
- Strong documentation, planning, negotiation, work prioritization, and organizational skills.
- Bachelor’s degree in Information Technology or related field is preferred. High school diploma (or equivalent) in combination with 10+ years of experience in an information security role will be considered. Minimum of high school diploma or equivalent is required.
- Preferred working knowledge of legislative and financial regulatory compliance standards and best practices.
- Preferred CRISC, CISM, CISSP or equivalent certifications.
About the Company
Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumen’s network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies.