Third Party Risk Manager

Job Description

Third Party Risk Manager

This position is responsible for operationalizing and maintaining the Third Party Risk Management program, including coordination and execution of activities to ensure risk assessments are performed for critical third parties throughout the organization.

With direction, the Information Security Third Party Risk Manager establishes and maintains relationships with the business owners to identify third parties, provide information regarding potential risks to the business information and content assets, and support review of contracts and implementation of riders. In addition, works with relevant groups to leverage Application Criticality Assessments, performs Business Impact Assessments, completes risk assessments, identifies requirements, implements policies and procedures, and maintains an inventory of critical third parties.

This role will work closely with the other Information Security functional areas, as well as other departments within Sony such as the Corporation Global Information Security & Privacy (GIS&P) team, SPE corporate functions such as People & Organization, Corporate Communications, Legal Compliance, Strategic Sourcing, Investigative Services, Information Technology and business unit personnel.

Responsibilities:

Risk Management
• Works with Information Governance to ensure Application Criticality Assessments have been completed as applicable. Perform Business Impact Assessments to identify critical third parties. Completes and manages risk assessments through to Risk Remediation and Risk Treatment Plans. Provide informed decisions to management concerning the potential risks to the business. Work with business owners and project managers to mitigate risk.
• Conduct periodic reviews with business owners to re-assess the information security classification and criticality ratings of information assets.
• Maintain the inventory of information assets and third parties.

Contract Review/Rider Implementation
• Work with Strategic Sourcing to review contracts and provide direction, feedback and recommendations on Security Riders for all third parties; partner with Strategic Sourcing develop and standardize a process to manage third party intake, assessment and remediation processes.
• Support the development and enhancement of processes to ensure compliance with applicable information security requirements; participate in the development and maintenance of supporting procedures.
Operations Management
• Contribute to development of strategy and plans for Information Security initiatives.
• Assist in developing and providing KPIs and metrics for Information Security program and initiatives.
• Contribute to and support continuing operational improvements and efficiencies.

Requirements:
• Candidates will have a four year degree relating to information technology, compliance, information management, and/or information security and a minimum of 5 year's work experience.
• Self-motivated, creative and detail-oriented with a strong knowledge of information management and/or information governance processes and technologies.
• Direct experience working in Information Security and demonstrated experience performing risk assessments and analysis.
• Knowledge of risk management methodologies and practices
• Capable of authoring and presenting professional Information Security guidance documents, presentations, procedures, and/or educational material.
• Aptitude and interest in information technologies, critical thinking, change management, and project management is a must.
• Strong written and verbal communication skills.
• Ability to prioritize multiple tasks and demands.
• Equally skilled at working independently and within a team.
• Maintain a professional demeanor when dealing with confidential and sensitive issues.
• Strong problem solving, decision making and follow-through abilities.
• Ability to work effectively in a multicultural, multinational environment consisting of cross-functional, high performance teams.
• Ability to work within virtual and/or matrixed teams to complete a project or task.
• Establish and maintain relationships in key business areas
* Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.

* Sony Pictures - CA - Culver City Area & Studios

Jobcode: Reference SBJ-g36e59-18-119-131-72-42 in your application.