Senior Third-Party Risk Analyst

Brand: Estée Lauder Companies

Description

The Estée Lauder Companies attracts the most outstanding people from diverse industries and nurtures their talents. Whether they work in one of our stores, on a production line, at our corporate headquarters in New York City or in one of our affiliates worldwide, our employees take pride in their contributions to our success.

Do you want to work for one of the world’s largest luxury beauty brands?

Are you passionate about ensuring that a company upholds its commitment to delivering value to customers every day?

Are you excited about the prospect of collaborating with a diverse and dynamic team, utilizing your language skills to enhance risk analysis processes?

We are looking for

Senior Third-Party Risk Analyst

to join our team in Budapest!

The role:

Member of ECR Governance, Risk and Compliance team with responsibility for execution of the TPRM (third-party risk management) program. Perform cybersecurity risk-based assessments which document key risk areas for third-party vendors. Work with both internal and third-party points of contact to develop remediation plans and track resolution status.

This role necessarily deals with highly confidential and sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.

Qualifications

Responsibilities:

• Partner with TPRM program key stakeholders to identify vendor due diligence requirements and ensure status is up to date.

• Able to review vendor due diligence materials (i.e., SOC1/SOC2, Vulnerability Scan, ISO 27001, etc.) and identify potential risks.

• Familiarity with Frameworks such as NIST CSF, OWASP10, ISO, ITIL and CMMI.

• Familiarity with the difference between SaaS and COTS based applications and the unique risks of each.

• Awareness of emerging cybersecurity threats including zero-day vulnerabilities and supply chain related risks.

• Able to understand details of vendor’s cybersecurity program and identify where gaps exist with internal company policy requirements.

• Ability to perform root cause analyses on issues identified and clearly articulate to a less technical user.

• Ability to clearly articulate the potential implications of cybersecurity risks to less technical users.

• Able to triage use cases and prioritize risk based on scope and impact.

• Produce risk assessment reports and effectively communicate and collaborate with vendors to implement remediation responses.

• Effectively collaborate with cross-functional, interdisciplinary teams, such as Procurement, Supply Chain, R&D, Legal and Privacy to conceptualize and require contract security provisions for remediation of risk identified in vendor assessments specific use cases and third-party engagements.

• Work with program lead and legal/privacy team to identify required contract security provisions to remediate risks identified in vendor assessment.

Requirements:

• Bachelor’s Degree preferably in Information Technology or Cybersecurity.

• At least 5 years of relevant experience.

• CISA/CISM certification or equivalent desired.

• Experience in Information Technology and Cybersecurity highly desired.

• Internal Audit related experience a plus.

• Skills: IT Audit, Risk Assessment, Cybersecurity, NIST framework, SOC1, SOC2, ISO 27001.

• Experience with industry-recognized Cybersecurity and Governance, Risk and Compliance (GRC) systems and applications such as Process Unity, CyberGRX, BitSight and Recorded Future along with familiarity with Shared Assessment methodology. Experience with Shared Assessments (https://sharedassessments.org/) methodology including use of their Standardized Information Gathering (SIG) questionnaire.

• Strong communication skills, influence/negotiation skills,

• Strong analytical skills, and measurement/visualization ideas.

• Ability to problem-solve, think creatively, challenge the status quo, and manage ambiguity.

• Ability to communicate complicated or technical information to executives, including proven ability to work both independently and as part of a team, with stakeholders at all levels.

• Proficient in Microsoft Suite of products including Visio, Excel, Word, and PowerPoint.

• Proficient in English as a business language.

• Experience handling, securing, and communicating highly confidential and sensitive information.

Job location:

• Budapest, XI. district - Budapest One office

• We are working in a hybrid structure (10 days per month HO provided)

Job: Information Technology

Primary Location: Europe, Middle East, Africa-HU-BU-Budapest

Job Type: Standard

Schedule: Full-time

Shift: 1st (Day) Shift

Job Number: 246296