Third-Party Cyber Risk Specialist
Job description
TL;DR
Third-Party Cyber Risk Specialist (Cybersecurity): Execute the third-party cyber risk management program by conducting risk assessments, managing client due diligence questionnaires, and monitoring vendor security posture. Focus on analyzing security gaps, prioritizing risks by impact and likelihood, and coordinating responses to third-party cyber incidents and regulatory inquiries.
Location: Chicago, Illinois, United States of America
Salary: $84,150-$108,900 (base range for US locations)
Company
provides financial market infrastructure and tradable products.
What you will do
- Manage incoming client due diligence requests (assessments, questionnaires), triage them to the right teams, and validate NDAs.
- Coordinate across business, legal, technology, and information security teams to validate questionnaire responses and fulfill control-related requests.
- Own client due diligence response management, including using response management software and maintaining a standardized response library.
- Collect and review third-party vendor documentation, run third-party risk assessments, and perform security reviews using questionnaires and security tools.
- Analyze identified third-party risks, prioritize them by impact/likelihood, and help create remediation plans; continuously monitor vendor security posture via assessments, vulnerability scans, and incident reporting.
- Support internal security incident response for third-party cyber incidents and assist with regulatory exam documentation and regulator inquiries.
Requirements
- Bachelor’s degree or equivalent work experience in a relevant field.
- 3+ years of experience in third-party risk management, vendor management, security incident response, cyber management, or a comparable field.
- Strong cybersecurity fundamentals, including application security, access control, and incident response.
- Knowledge of compliance and regulatory frameworks such as NIST, SOC 2, GDPR, and ISO 27001.
- Excellent communication and collaboration skills across cross-functional teams.
- Ability to work independently and manage multiple assignments/projects simultaneously.
Culture & Benefits
- Four-day in-office work model to support partnership and team connection.
- Health, dental, and vision benefits with access to telemedicine and mental health services.
- Generous paid time off (vacation, personal days, sick days, and annual community service days).
- 2:1 401(k) match up to 8% immediately upon hire, plus tax savings accounts.
- Discounted Employee Stock Purchase Plan and employee referral bonus program.
- On-site gyms and paid tuition assistance/education opportunities.
Hiring process
- Application review by a Cboe recruiter.
- Interviews to assess experience with third-party cyber risk, security/compliance knowledge, and cross-functional collaboration.
- Final evaluation based on role fit and relevant background.