Equal Plus Consulting has been engaged to search for a Third Party Risk Management Lead to work on a full-time/permanent basis for a client based in Atlanta, GA.
Title: Lead, Third Party Risk Management – OT Manufacturing Systems
Start Date: ASAP
Term: Permanent/Full Time
Location: Atlanta, Georgia
Non-local candidates willing to relocate to Atlanta will be considered
Excellent Communication skills, Lead role experience
Job Description
Our client fosters a culture that protects, preserves, and enhances our reputation. The IT Compliance team is seeking an experienced professional to oversee and manage various tasks related to OT Third Party Risk Management practices and technologies.
This role will encompass Third Party Risk practices being deployed to manufacturing facilities with the intent to minimize risk exposure related to third parties in the ecosystem. This position is responsible for deploying risk management practices to the OT footprint and for providing leadership with transparency into risk exposure for OT third parties. This role involves establishing new processes with a focus on Industrial Control Systems, MES systems and all OT systems in use at manufacturing facilities (plants and mill locations) across the globe.
The Lead, OT - Third Party Risk Management is expected to:
Coordinate with external providers and internal technology teams regarding platform development, enhancements, integration and issue resolution
Liaise with global risk and compliance groups and OT engineers and leaders related to due diligence matters and system requests or changes
Collaborate across manufacturing facilities with cross functional teams to escalate and resolve issues and risks identified and tracked
Represent the IT Compliance Office with business teams, partners, and other stakeholders, and with external third parties
Identify key performance indicators to be used for management reporting
Manage reporting and analysis of metrics for the key performance indicators identified
Identify risks, exceptions to policy or standards and other risk related issues for tracking and reporting or escalations to leadership
Define and oversee processes and standards of operation performed by global OT resources
Assess, analyze and document risks pertaining to third parties in a risk register and establish standard procedures to classify/categorize them based on the severity of their impact
Responsibilities
Gain comprehensive knowledge and understanding of relevant policies, guidelines and compliance program elements which will be deployed to OT processes to achieve risk minimization objectives
Manage and perform monitoring activities on the OT TPRM program activities, including use of the IT Risk Management and Third Party Risk Management modules within the GRC system (OneTrust)
Perform data analysis for ongoing monitoring of control violations, risk assessment activities, and reporting to management and senior leaders on key performance indicators on a recurring cadence
Effectively interpret and document testing and monitoring results and develop recommendations for improvements and enhancements to reduce risk profile for OT systems
Utilize and develop data analytics capabilities to evaluate and improve third party management decisions, mitigation planning of obsolete technologies, and identifying reporting mechanisms to be leveraged for same
Identify operational risks for OT third parties that need to be raised to leadership for remediation and risk reduction workstreams
Oversee training of OT TPRM team members, risk & compliance groups and stakeholders on TPRM practices adopted and deployed for operational technology vendors
Monitor, report and track compliance with policies and practices, including system security and access controls for OT systems and respective third parties
Collaborate with cross functional engineers, leaders, colleagues, and global partners to achieve alignment on goals and objectives associated with risk reduction workstreams
Effectively communicate with peers, managers, senior managers, and executive leaders cross functionally as a trusted subject matter expert and advisor for OT TPRM practices
Recommend and implement process improvements to meet IT/OT Convergence of TPRM, risk & compliance goals on an annual basis.
Provide system and process training and support to OT engineers and leaders for the ITRM platform TPRM module
Design and manage other OT third party assessment templates and workflows
Key Skills
Aptitude to learn and utilize technology to perform and document responsibilities
Ground level/building foundation experience a must
Moderate to advanced skills working with technical tools including Microsoft Office applications, specifically Excel, PowerPoint, and Word
Working knowledge of OneTrust GRC application and other relevant risk management solutions
Familiarity with using Microsoft Visio would be an advantage
Proven ability designing or enhancing third party risk management or compliance-related processes
Excellent organizational aptitude
Ability to analyze problems and facilitate solutions
Excellent written and verbal communication skills
Ability to think critically, objectively and analytically
Detail-oriented with strong project management, organization, prioritization, and time management skills
Flexibility in working on several processes or projects simultaneously to meet team goals and responsibilities
Possess high integrity to handle sensitive and confidential data
Ability to work accurately and efficiently under pressure
Proven ability to work independently and drive projects to completion
Ability to work collaboratively with subject matter resources, often in a virtual and cross border environment
Confidence and poise to work directly with leadership teams
Willingness and ability to readily respond to changing circumstances and expectations
Interest in effectively developing other colleagues and creating a culture of compliance, inclusion and professional growth
Qualifications
Substantive direct experience in one or more of the following: third party due diligence, ethics and compliance programs, risk and controls, process management or change management in a manufacturing / OT environment
Functional experience working in a manufacturing environment with MES and ICS systems
At least 5 years of experience working for a manufacturing organization providing one or more of the following: regulatory and compliance, enterprise risk management, audit, consulting, and other related services
Bachelor's degree in accounting, finance, business, or related field
Information Security certifications (CRISC, CISM, ISA 62443, etc.) desired
Certified Internal Auditor, and/or relevant compliance experience a significant advantage
Knowledge of GDPR and CCPA privacy rules associated with accessing, classifying, transferring, or modifying data in its lifecycle