We are looking for a highly skilled resource proficient in Information Security domain. This is for our Vendor and Client Security team within the Information Security Department. The candidate is expected to perform the following responsibilities:
The responsibilities include but are not limited to:
- Complete client security questionnaires, answer follow-up questions and participate in client audits at the request of the business
- Conduct vendor security due diligence assessments to verify a vendor’s information security & privacy capabilities by providing security/privacy risk assessment questionnaires, analyzing responses, and creating final assessment reports
- Conducting continuous monitoring of our most critical vendors and work with them on remediation of vulnerabilities identified
- Complete client security questionnaires, answer follow-up questions and participate in client audits at the request of the business
- Partner with business and other stakeholders to ensure risks are clearly articulated in a manner that is understood by business and technology audiences
- Work with the business to track the remediation to close out any vulnerabilities identified by clients
- Review contracts and master service agreements as requested to ensure appropriate security language is present
- Provide support in the development, implementation and maintenance of the Information Security program
- Participation, as required, during internal and external audits related to SOC2, ISO 27001/27701, etc.
- Familiar with routine content of Information Security policies in order to support annual reviews and updates
- Perform general administrative duties as necessary to support Information Security operations
Necessary requirements:
- Minimum 3-5 years of experience in Information Security related positions
- Bachelor's degree in a related field from an accredited college or university
- Good English written and verbal communication skills
- Thorough understanding of, and experience with, Information Security program development, maintenance and governance
- Strong research skills
- Ability to plan and execute with minimal oversight
- Ability to multi-task and prioritize tasks across a range of projects, adjusting to shifting priorities
- Excellent time management and organization skills
- Strong personal integrity
- Demonstrate commitment to obtaining outstanding results
- Willingness to work various hours to support global business users
- Prior working knowledge of the ProcessUnity Vendor Risk Management Tool is a plus
- Prior working knowledge of the Bitsight cybersecurity ratings practice is a plus
About Kroll
In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answering all areas of business. We value the diverse backgrounds and perspectives that enable us to think globally. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.
Kroll is the premier global valuation and corporate finance advisor with expertise in complex valuation, disputes and investigations, M&A, restructuring, and compliance and regulatory consulting. Our professionals balance analytical skills, deep market insight and independence to help our clients make sound decisions. As an organization, we think globally—and encourage our people to do the same.
Kroll is committed to equal opportunity and diversity, and recruits people based on merit.
In order to be considered for a position, you must formally apply via careers.kroll.com
#LI-AT1
#LI-Hybrid
