Lead Information Security Assessor (Contract to Hire)

Overview

On Site
Depends on Experience
Contract - W2
Contract - 6 Month(s)
No Travel Required
Unable to Provide Sponsorship

Skills

Risk Management
Risk Assessment
Regulatory Compliance
Privacy
Information Security
ISO/IEC 27001:2005
EMC RSA Archer
Artificial Intelligence
Auditing
Financial Services
Information Technology
CISA/CISSP/CRISC

Job Details

Job title: Lead Information Security Assessor

Location: Texas, USA (Dallas and San Antonio). Fully Onsite working in client offices

Contract to Hire

Senior Manager – Lead Information Security Assessor – Third Party Risk Management!

In this role, the Lead Information Security Assessor plays a strategic part in executing and overseeing Third Party Risk Management (TPRM) assessments. This individual is responsible for evaluating third-party vendors' information security posture, ensuring compliance with regulatory requirements, and guiding junior assessors.

The role demands deep subject matter expertise in Third Party Risk Management and proficiency in using GRC tools like Archer. The role is responsible for conducting Third Party Risk Assessments aligned to TPRM requirements. This individual will review a supplier's processes and procedures along with artifacts from their external audits (e.g., SOC 2 or other external documentation), ensuring adherence to applicable Laws, Rules, Regulations, and internal company requirements. The following domains will be assessed, and the individual must have a working knowledge across all, with Subject Matter Expertise in at least one:

Information Security
Information Technology
Privacy
Background Screening
AI/Model Risk Management

Responsibilities

Lead and manage third-party information security assessments and audits across Information Security, IT, Privacy, Background Screening, and AI/Model Risk domains.
Review supplier documentation, including SOC 2 reports and other external audit artifacts, to validate compliance with laws, regulations, and client requirements.
Develop and maintain assessment methodologies aligned with regulatory and industry standards.
Act as a Subject Matter Expert (SME) in Third Party Risk Management, providing guidance and mentorship to assessment teams.
Collaborate with procurement, legal, compliance, and business units to ensure vendor risk is appropriately managed.
Collaborate with internal stakeholders to communicate findings and recommend remediation strategies.
Utilize Archer to track, report, and manage assessment workflows and findings.
Prepare and present risk assessment reports to senior leadership and governance committees.
Mentor and guide junior assessors and team members.
Continuously improve assessment processes and tools.

Qualifications we seek in you!

Minimum Qualifications

8 to 10 years of experience conducting third-party risk assessments/information security assessments.
Expertise in Third Party Risk Management frameworks and practices.
Familiarity with NIST, ISO 27001, SOC 2, and other security standards.
Excellent written and oral communication skills.

Preferred Qualifications/Skills

Proficiency in Archer GRC platform.
Professional certifications: CISSP, CISA, or CRISC.
Experience in financial services.
Experience leading cross-functional teams.
