Experienced Full Stack Cybersecurity GRC Professional – Remote Third-Party Risk Management and Compliance Specialist at arenaflex

Introduction to arenaflex

arenaflex is a leading organization in the cybersecurity industry, dedicated to protecting its assets and ensuring the security of its operations. As a key player in the field, arenaflex is committed to staying ahead of the curve in terms of technology, innovation, and expertise. Our team of cybersecurity professionals is passionate about creating a safe and secure environment for our stakeholders, and we are now seeking an experienced Full Stack Cybersecurity GRC Professional to join our ranks.

About the Role

We are looking for a highly skilled and experienced cybersecurity professional to guide GRC-related activities and ensure the smooth execution of various tasks within our team. As a Third-Party Risk Management (TPRM) Specialist, you will be responsible for managing the internal security compliance requirements and implementation of regulations, tactics, and frameworks at arenaflex. This is an exciting opportunity to contribute to the development and maintenance of our cybersecurity program, working closely with our team of experts to identify and mitigate potential risks.

Key Responsibilities

• Assist in the management of arenaflex's Third-Party Risk Management (TPRM) software, ensuring the effective execution of due diligence exams and risk assessments.
• Validate incoming third-party risk assessment requests, working with business stakeholders to confirm the details of the request and the scope of the engagement.
• Conduct kick-off meetings with business stakeholders and third-party vendors, ensuring a smooth and efficient risk assessment process.
• Coordinate the distribution of due diligence questionnaires to internal stakeholders and third-party vendors, reviewing submitted questionnaires for completeness and identifying potential risks.
• File responses, associated findings, and remediation plans in arenaflex's systems, ensuring accurate and timely documentation.
• Draft and review reports for the checks performed, ensuring that respective business stakeholders finalize reviews and implement necessary remediation plans.
• Act as a strong liaison between the risk management team and business stakeholders, ensuring that any queries or concerns are addressed in a timely and effective manner.
• Perform continuous monitoring of third-party vendors via arenaflex's systems, tracking and addressing any new or existing findings.
• Identify opportunities for improvement within arenaflex's systems and processes, working closely with the risk management team to implement changes and enhancements.
• Collaborate with the risk lead/supervisor to schedule and execute a range of supporting activities related to the risk management program.

Governance, Risk, and Compliance

As a key member of the risk management team, you will be responsible for leading and supporting the development of cybersecurity risk and compliance-related strategies, ensuring the effective treatment of cybersecurity risks consistent with arenaflex's risk appetite. You will maintain and document compliance with information security-related guidelines and processes, planning, testing, remediating, tracking, and reporting on control reviews and risk assessments.

• Lead the development and delivery of compliance and risk education and ongoing communications, promoting a culture of security and compliance within arenaflex.
• Stay up-to-date with regulatory changes, new guidelines, technology, and internal policy modifications, identifying new key risk areas and implementing necessary changes.
• Lead the efforts to maintain and guide ISO 27001 certification, ensuring that arenaflex's systems and processes meet the required standards.

Competencies and Attributes for Success

To be successful in this role, you will need to possess a range of competencies and attributes, including:

• Outstanding stakeholder management skills, with the ability to communicate effectively with business stakeholders and third-party vendors.
• A working understanding of information security-related best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and others.
• Experience in the management of risk, controls, and compliance, with a strong understanding of risk evaluation methodologies – qualitative/quantitative.
• Superior analytical and problem-solving abilities, with the ability to navigate complex risk scenarios and develop effective remediation plans.
• Excellent presentation-making and delivery skills, with the ability to communicate complex risk information to business stakeholders and senior management.

Personal Attributes

In addition to the technical skills and competencies listed above, you will need to possess a range of personal attributes, including:

• Strong interpersonal skills, with the ability to build and maintain effective relationships with business stakeholders and third-party vendors.
• The ability to navigate rapid-paced environments and be flexible with working hours, with a strong focus on delivering results and meeting deadlines.
• Excellent communication skills, both verbal and written, with the ability to communicate complex risk information to business stakeholders and senior management.
• The ability to adapt quickly to changing conditions and drive high-quality change, with a strong focus on continuous improvement and process enhancement.

Preferred Education and Experience

To be considered for this role, you will need to possess a range of education and experience, including:

• A relevant Bachelor's/Master's degree from an accredited university or equivalent experience.
• At least 4 years of experience in third-party risk management, information security, and audit & compliance tracking (minimum of 2-3 years in TPRM/internal audit).
• Preferred experience with a large company and/or large four accounting firm.
• One or more credentials - CISA, CRISC, ISO27001 L.I, CISSP.
• Experience in AI/ML is a plus.

Career Growth Opportunities and Learning Benefits

At arenaflex, we are committed to the growth and development of our employees, providing a range of career growth opportunities and learning benefits. As a member of our risk management team, you will have access to:

• Comprehensive training and development programs, designed to enhance your technical skills and competencies.
• Opportunities for career advancement, with a range of roles and responsibilities available within the risk management team.
• A collaborative and supportive work environment, with a strong focus on teamwork and knowledge-sharing.
• Access to industry-leading tools and technologies, with the opportunity to work with cutting-edge risk management systems and processes.

Work Environment and Company Culture

At arenaflex, we pride ourselves on our positive and inclusive company culture, with a strong focus on teamwork, collaboration, and employee well-being. As a member of our team, you will be part of a dynamic and supportive work environment, with access to:

• A range of employee benefits, including flexible working hours, remote work options, and comprehensive health and wellness programs.
• A collaborative and open work environment, with a strong focus on communication, feedback, and continuous improvement.
• Opportunities for socialization and team-building, with a range of company-sponsored events and activities.
• A commitment to diversity, equity, and inclusion, with a strong focus on creating a welcoming and inclusive work environment for all employees.

Compensation, Perks, and Benefits

At arenaflex, we offer a competitive compensation package, with a range of perks and benefits designed to attract and retain top talent. As a member of our risk management team, you will be eligible for:

• A competitive salary, with opportunities for bonuses and performance-based rewards.
• A comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings and pension plans.
• A range of perks and discounts, including access to exclusive employee discounts, free parking, and on-site fitness facilities.
• Opportunities for professional development and growth, with a range of training and development programs available.

Conclusion

If you are a motivated and experienced cybersecurity professional, looking for a new challenge and opportunity to grow your career, we encourage you to apply for this exciting role at arenaflex. With a competitive compensation package, comprehensive benefits, and a range of career growth opportunities, this is an opportunity not to be missed. Apply now to join our team of experts and contribute to the development and maintenance of our cybersecurity program.

Apply Now