1. Performs the following as it pertains to the management of cybersecurity risks from third parties who provide services to the IMF:

• Enhances existing processes and standard operating procedures and develop new ones, if applicable;
• Analyzes and evaluates third parties against information security policies, controls standards, and procedures to ensure conformance to expectations, whilst working closely with internal stakeholders to ensure that third parties comply with our policies, standards, and procedures;
• Coordinates with project teams, relationship managers, procurement, and other stakeholders as needed, to ensure that sufficient security contract clauses are in place with third parties;
• Guides and supports risk owners in the development and execution of risk mitigation strategies to address identified risks and reduce the organization’s exposure to cyber threats;
• Communicate assessment findings and recommendations to internal stakeholders and monitor and track progress through periodic assessment activities; and
• Evaluate the security posture of third parties that have access to sensitive information or systems and conduct risk assessments to identify and evaluate related potential security threats. Provide guidance on related risk mitigation strategies.

2. Supports other cybersecurity risk subject matter experts with the continuous risk assessment and related risk treatment and reporting for certain categories of information assets that are essential to business functions.

3. Provides support for information security governance initiatives to automate enhanced information security processes, including but not limited to the preparation and presentation of user technical support and training materials to ensure the efficient, effective, and secure use of information security GRC technology.

Requirements:

Advanced degree from an accredited university in a related field OR Bachelor’s degree from an accredited university in a related field plus a minimum of 6 years of progressive work with third party risk management or related security experience.

• Candidate must possess at least 1 globally recognized information security professional certification. This includes certifications such as CISSP, CISM, CCSP, etc.
• Pragmatic security expert with an inherent ability to balance security demands with business reality.
• Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
• Demonstrate strong risk management concepts and principles – including assessment, prioritization, delivery of treatment plans, tracking, reporting, and metrics.
• Fundamental understanding of cybersecurity risk management with 3rd parties and direct experience partnering with other stakeholders such as Procurement, Legal, Enterprise third -party risk, etc.
• Critical thinking and analytical decision-making skills to forecast cybersecurity related issues, events and/or risks pertaining to third parties.
• Contract clause verification pertaining to cybersecurity and IT resilience controls.
• Experience with policy, process and procedures development, enhancement, and awareness for cyber risk management of third parties.