IN EmploymentAlert | VISO TRUST | TPRM Auditor (Risk and Compliance)

Job Title


VISO TRUST | TPRM Auditor (Risk and Compliance)


Company : VISO TRUST


Location : Kottayam, Kerala


Created : 2025-01-09


Job Type : Full Time


Job Description

About the Company

VISO TRUST is the only SaaS third party cyber risk management platform that delivers the security intelligence needed for modern companies to make critical risk decisions at the speed of business. Assessing the risk of data breach that third party relationships pose to their customers is a traditionally complex and labor intensive process that slows business, frustrates stakeholders and leaves security teams branded: the department of “no.” With VISO’s AI-based system, practitioners can instantly and continually assess any number of third parties while achieving on average a 90% boost in operational efficiency. At VISO, we are excited to be enabling customers to reduce risk and accelerate business at the same time.

VISO TRUST is a venture-backed startup with a fully remote workforce based in North America. When hiring, we look for signs that a candidate will thrive in our culture, where we put people first and value ownership, curiosity, honesty and humility in the pursuit of excellence. We also value our differences, employing a team rich in diverse perspectives and experiences. We are dedicated to equal employment opportunities regardless of status or membership in a protected class or lack thereof.

About the Job

As a Third Party Risk Auditor at VISO TRUST, you will be responsible for analyzing security documents, conducting third-party risk assessments, and ensuring the accuracy of our AI-driven platform’s automated due diligence. You’ll collaborate with Product, Engineering, and Machine Learning teams to improve risk assessments and enhance platform efficiency. This role is ideal for someone with strong analytical skills and experience in cybersecurity frameworks, excited to work with AI to streamline third-party risk management.

Key Responsibilities

- Analyzing security program related language and documents, recording text annotations for the training of machine learning models and ensuring quality assurance on the conclusions drawn by automated assessments
- Conducting domestic and global third party risk assessments including coordinating intake of new third parties and new engagements, third party security reviews, interacting with internal and external stakeholders, reporting on assessment outcomes and tracking remediation efforts
- Working closely with Product, Engineering, Customer Success and Machine Learning teams to contribute to automation logic and model training and ensure the success of reviews performed on the platform
- Apply VISO TRUST methodology to evaluate control presence and determine risk
- Document assessment procedures for subsequent automation
- Review business and technical assessments, questionnaires and related documentation
- Schedule and conduct review calls with third parties: ensure and track questionnaires sent to third parties, track and report on abandoned third parties, receive and review questionnaire responses and finalize reports
- Coordinate other due diligence that needs to be done in addition to the security questionnaire when needed
- Collaborate with VISO Audit, Product, Engineering and Machine Learning personnel to develop continued program process and platform improvements
- Report on assessment outcomes, risk levels, and remediation progress

Key Skills, Qualifications & Experience

- Strong analytical/critical thinking skills
- Excellent written, verbal communication and organizational skills
- Ability to perform policy and standard gap analyses based on leading security frameworks
- Knowledge of common control and policy taxonomies and hierarchies and related language
- Knowledge of common third party assurance related documents, their structure and analysis, such as AICPA SOC reports, PCI DSS ROC, HiTrust, ISO 27001 Statements of Applicability, etc.
- Deep knowledge and experience with regard to the VISO TRUST technology platform and its unique approach to text extraction and automated risk determination
- Bachelor’s degree with a major in Information Security or equivalent combination of education and experience, i.e. CISSP, CISA, CIPP, CRISC, CEH, and/or CISM
- 5-8 years of experience with third party cyber risk management
- Have performed IT risk assessments against OWASP, PCI, GLBA, NIST, ISO, SIG/AUP or other standards
- Strong knowledge base in information security, risk management, privacy, operations, enterprise networking, systems evaluation, and architecture
- Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact
- Knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc.
- Self-starter who can function independently with limited direction but work closely with others when necessary