Cyber Due Diligence Analyst
Location:
US
Company:
Parsons Corporation focuses on creating solutions for the defense, intelligence, and critical infrastructure markets.
Summary:
In this role, you will lead cybersecurity third-party risk assessments and ensure compliance with security policies for vendors. Candidates should have a bachelor’s degree in a technical field and 5+ years of relevant risk management experience, along with a current Top Secret clearance.
Requirements:
Credentials: Bachelor’s degree preferred in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience.
Experience: 5+ years of experience in risk management required; experience executing and managing cybersecurity assessments in a heavily regulated industry, preferably Financial Services; experience conducting risk assessments of third-party vendors, suppliers, or partners.
Job Description:
Parsons is looking for an amazingly talented Senior Cyber Due Diligence Analyst to join our team! In this role you will lead cybersecurity third-party risk assessments and support continuous improvement of the end-to-end third-party risk management process to ensure third parties (data providers and vendors) meet our security needs, including pre- and post-contractual assessments to identify and manage any risks to ensure security on Day 1.
What You'll Be Doing:
- Report to the Operational Lead and play a pivotal role in the vetting and due diligence of data providers, supporting the operational platform’s overall cybersecurity and risk posture
- Conduct thorough security assessments of third-party vendors, suppliers, and partners to evaluate their compliance with established security policies, regulations, contracts, and industry best practices
- Analyze and interpret third-party security assessment findings and provide recommendations and remediation plans to mitigate identified risks
- Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions are taken
- Maintain a comprehensive understanding of the organization's third-party risk management framework and standards
- Ensure assessments are in accordance with known industry frameworks (e.g., ISO, SCF, NIST, GLI-33)
- Collaborate with cross-functional teams, including Strategic Sourcing / Procurement, Legal & Compliance, IT, Cybersecurity, and business units to gather necessary information and ensure compliance with risk management processes
- Stay updated with emerging trends, regulatory changes, and industry standards related to third-party risk management, and incorporate them into risk assessment processes and practices
- Prepare reports, summaries, and metrics on third-party security assessments to Operational Lead, Program Manager or the Government Lead, highlighting key findings and recommendations
- Assist in the development and enhancement of third-party due diligence policies, procedures, and frameworks to continually improve the effectiveness and efficiency of risk assessment processes
- Support the development of training and guidance to internal teams on third-party risk management best practices and procedures
- Help foster a culture of risk awareness
What Required Skills You'll Bring:
- Bachelor’s degree preferred in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience.
- 5+ years of experience in risk management required. Cross-functional experience in IT or information security governance, risk management, and compliance (GRC), with a focus on third-party risk management and vendor management, preferred.
- Experience executing and managing cybersecurity assessments in a heavily regulated industry, preferably Financial Services.
- Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as ISO 27001, NIST CSF, NIST SP 800-53, GDPR, GLI-33, and other industry-specific regulations.
- Familiarity with risk assessment methodologies, frameworks, best practices, and the full breadth of cybersecurity domains, particularly as they pertain to third-party risk management.
- Expertise in evaluating vendor posture by analyzing SOC 2 reports and other attestations.
- Experience conducting risk assessments of third-party vendors, suppliers, or partners, including evaluating their compliance with policies, procedures, and regulatory requirements.
- Good analytical skills to identify and assess potential risks associated with third-party relationships, such as data security, operational vulnerabilities, and regulatory compliance.
- Detail-oriented mindset with the ability to analyze and interpret risk assessment findings and provide recommendations and remediation plans to mitigate identified risks, all while communicating with external stakeholders.
- Ability to prepare clear and concise reports, summaries, and documentation related to risk assessments.
- Ability to cultivate relationships with cross-functional teams to promote collaboration and cohesiveness.
- Familiarity with risk management software or tools used for tracking and managing third-party risks will be an advantage.
- Proactive and collaborative attitude with the ability to stay updated on emerging trends, regulatory changes, and industry standards related to third-party risk management.
- Must hold a current and active Top Secret clearance.
Security Clearance Requirement:
An active Top Secret security clearance is required for this position.