Top 3 -5 skills  

• Risk Assessment/ 2yr
• Vendor Contract review/ 2 yrs
• Auditing/ 3 yrs
• SQL/ 3yrs
• Power Apps/ 2yrs 

Key Responsibilities:
o Conduct assessments of third-party vendors to identify and evaluate potential risks.
o Review vendor contracts service level agreements SLAs and other legal documents to ensure compliance with AA risk management policies and regulatory requirements.
o Collaborate with various stakeholders to gather information and assess the overall risk exposure related to third-party relationships.
o Facilitate discussion with third-party vendors to identify potential risk mitigation strategies and controls to address identified risks.
o Monitor and track vendor performance ensuring compliance with contractual obligations.
o Provide guidance and recommendations to AA Business Units on selecting and managing third-party vendors.
o Maintain documentation of risk assessments due diligence reviews and compliance activities.
o Stay updated on industry trends regulatory changes and emerging risks related to third-party risk management.
Decision making what decisions will this position be making:
Provide vendor risk assessment results to IT / Business owners to determine future vendor relationships.
Identify and escalate critical risks and issues to senior management.
Facilitate discussion with the vendor and business owner to identify strategies to mitigate risk.
Determine the appropriate level of ongoing monitoring required for each vendor relationship.
Communication who will this position communicate with and in what capacity:
Manager Third Party Risk Management TPRM
Report to TPRM Manager and provide progress updates on day-to-day TPRM program operations and activities.
Attend regular meetings and reporting to facilitate the exchange of information alignment of goals and coordination of efforts between both roles.
Business Owner
Facilitate review of risk exposure with the business owner to communicate vendor risks
Provide risk exposure mitigation strategies and other information to enable business decision making and business risk acceptance
Legal Privacy
Collaborate to ensure third party compliance with relevant laws regulations and contractual obligations.
Collaborate with the Legal Privacy teams to help align cybersecurity third party risk management practices with legal requirements and mitigate potential legal risks.
IT Vendor Management ITVM
Collaborate with the Legal Privacy teams to help align cybersecurity third party risk management practices with IT vendor management policies standards and procedures.
Cybersecurity Product Teams
Engage with cybersecurity product teams to support identification validation and remediation of gaps and findings from third-party cybersecurity risk assessments.
Engage in effective communication and collaboration between the various cybersecurity product teams.

Minimum Qualifications- Education Prior Job Experience Education Degree and level of attainment:
Bachelor's degree in computer science information systems risk management or a related field.
Experience Industry/function and years of experience:
Experience 1-3 years in cyber risk management vendor management audit compliance information security or a related field.
Familiarity with regulatory requirements and industry best practices related to third-party risk management.
Familiarity with vendor risk management principles and best practices such as managing vendors through their lifecycle from onboarding to termination.
Experience in conducting vendor risk assessments in alignment with minimum standards and requirements to identify gaps in vendor controls and facilitate discussion with the vendor to identify potential risk mitigation strategies.
Knowledge of relevant cybersecurity frameworks e.g. NIST CSF ISO 27001 and regulations e.g. TSA Cyber Amendment HIPAA GDPR.

Preferred Qualifications:
Experience in contract negotiation and vendor management.
Familiarity with industry-specific regulations e.g. TSA FAA PCI DSS and their cybersecurity requirements.
Experience working in highly regulated industries such as finance healthcare or government.
Knowledge skills and abilities:
Ability to work independently and collaborate effectively with cross-functional teams.
Strong analytical and problem-solving abilities.
Proficiency in conducting risk assessments evaluating vendor contracts and identifying potential risks.
Familiarity with conducting on-site assessments and evaluating vendors' controls and processes.
Knowledge of relevant cyber security standards e.g. NIST CSF NIST 800-161 etc..
Knowledge of cybersecurity technologies tools and best practices.
Familiarity with cybersecurity risk assessment methodologies and frameworks.
Ability to stay updated with the latest cybersecurity trends threats and regulatory changes.