Third-Party Risk Management Program - Jefferson City, MO (Hybrid)

Overview

On Site
Contract - W2
Contract - 30 day(s)

Skills

CISSP

Job Details

Purpose:

Recent trends have shown a significant increase in cyber incidents and data breaches that originate from third-party service providers. These third parties often have direct or indirect access to state systems, sensitive information, or critical infrastructure, which makes them a major source of cyber threats. Currently, the State of Missouri does not have a standardized, centralized framework for identifying, assessing, mitigating, and monitoring third-party risks across its agencies.

The Office of Cyber Security (OCS) plans to procure a vendor to establish the first phase of a comprehensive Third-Party Risk Management (TPRM) Program to address the increasing risks associated with external vendors, contractors, and service providers. The initiative is a proactive response to the rising number of cybersecurity incidents linked to vulnerabilities in third-party relationships within the organization, and it also addresses the new requirements in National Institute of Standards and Technology (NIST) Special Publication SP 800-53 Revision 5, released in September 2020.

Responsibilities:

  • Current State Assessment
      • Review existing vendor management processes across the agencies.
      • Identify gaps in third-party cybersecurity practices.
  • Develop Risk Management Policies and Procedures
      • Create robust processes, procedures and guidelines for a standardized and consistent approach to third-party risk management.
      • Develop and implement risk evaluation methods, including questionnaires, audits, or third-party data.
  • Develop a Vendor Assessment Framework
      • Create a comprehensive vendor assessment framework that incorporates best practices in risk management.
      • Develop detailed documentation for a standardized approach to the TPRM program.
  • Vendor Criticality Matrix
      • Create a vendor risk categorization system (High, Medium, Low) to classify vendors based on their impact on operations.
  • Implementation Support
      • Assist in deploying the program in a pilot.
      • Iterate based on feedback and extend across other agencies.
  • Training
      • Conduct train-the-trainer sessions for staff and provide a process manual.

Lead Requirements:

  • 3+ years' experience in leading an implementation team for State Government or equivalent organization.
  • Certifications in cyber risk management or cybersecurity, such as CRISC, CGRC, CISSP preferred.

Analyst Requirements:

  • 2+ years' experience in cyber risk management or cyber security.
  • Certifications in cyber risk management or cybersecurity, such as CRISC, CGRC, CISSP preferred.
  • Certifications in third-party risk assessment, such as CTPRA, preferred.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.