Iron Mountain TPRM Manager in Harrisburg, Pennsylvania
At Iron Mountain we protect what our customers value most, from the everyday to the extraordinary, while helping them bridge the physical and digital world. Our people have the opportunity to bring their creativity to a workplace that thrives on change. Here, you will be part of a team that doesn’t just embrace what’s exceptional. It creates exceptional.
As a trusted partner to our clients there is a requirement that our Mountaineers must be vaccinated.
The TPRM mission is to manage the firm's risk exposure related to third parties through enhanced risk management practices, and to provide firm leaders with transparency into Iron Mountain’s third party ecosystem, risk exposure and risk decisions.
TPRM Manager is expected to:
Manage a global, diverse team of TPRM analysts
Coordinate with external providers and internal technology teams regarding platform development, enhancements, integration and issue resolution
Liaise with TPRM risk and compliance groups related to due diligence matters and requests
Collaborate across Risk and Brand Protection and other teams to escalate and resolve issues
Represent TPRM with business partners, internal stakeholders, and external third parties
Manage reporting activity and analyze metrics for performance
Identify issues for escalation to program leadership
Oversee US and global resources in a remote environment
Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities.
Develop a Third Party Risk Management assessment lifecycle, establish new policy, review / update existing risk management policy, standards and procedures.
Establish a Technology Risk Management methodology by adopting NIST RMF (SP800-37), CIS v8 Top 18, COBIT 2019, CSA CCM / CSA STAR registry or ISO 31000:2018 frameworks.
Optimize program capabilities in planning, organizing, and integrating cross-functional information technology projects that are significant in scope and impact to the IT Risk and Third Party Management team goals.
Measure, Manage & Mature the program, track progress, drive improvements, develop and report KPIs, KRIs, process metrics and management dashboards.
Maintain organization's effectiveness and efficiency by defining, delivering, and supporting strategic analysis and plans for implementing IT Risk and Third Party program management process.
Participate in performing IT Risk Assessments of all new projects, technology implementations, new & existing vendor onboarding assessments
Determine information security risk profiles for various systems, assets, data, vendors etc., using knowledge of Iron Mountain policy, frameworks, standards and relevant industry best practices.
Ability to conduct risk assessments, characterize the system, identify threats / vulnerabilities, control deficiencies, likelihood determination, impact analysis, risk levels, compensatory control recommendation and results documentation.
Collaborate in stakeholder management, risk articulation, communication, risk reviews, driving risk acceptance and risk treatment activities
Effectively interpret and document testing and monitoring results and develop recommendations for improvements and enhancements.
Identify issues and recommend actions that need to be raised to team leaders for further guidance, direction or follow-up.
Oversee training of the global TPRM team, risk & compliance groups and stakeholders as needs arise.
Monitor, report and track compliance with firm policies and practices, including system controls.
Collaborate with and represent TPRM with leaders, colleagues and global partners.
Effectively communicate with peers, managers, senior managers
Recommend modifications to technology solutions to meet requirements
Design and manage other third party review activity as needed.
The role will evolve as TPRM expands and changes to meet compliance needs of IRM
Aptitude to learn and utilize technology to perform and document responsibilities
Proven ability designing or enhancing third party risk management or compliance-related activities
Excellent organizational aptitude
Ability to analyze problems and facilitate solutions
Excellent written and verbal communication skills
Ability to think critically, objectively and analytically
Detail-oriented with strong project management, organization, prioritization and time management skills
Flexibility in working on several processes or projects simultaneously to meet team goals and responsibilities
Possess high integrity to handle sensitive and confidential data
Ability to work accurately and efficiently under pressure
Proven ability to work independently and drive projects to completion
Ability to work collaboratively with subject matter resources, often in a virtual and cross border environment
Confidence and poise to work directly with partners, business teams and other firm leaders
Willingness and ability to readily respond to changing circumstances and expectations
Interest in effectively developing other colleagues and creating a culture of compliance, inclusion and professional growth
7+ years Technology Risk Management & Third Party Risk Management experience or a combination of IT-GRC and information security experience
Substantive direct experience in one or more of the following: third party due diligence, compliance programs, risk and controls
Bachelor’s degree with proficiency in Management Information Systems, Technology Management or Cybersecurity
Expertise in technical program management, particularly in areas of security, and/or technology risk management
Demonstrated ability to analyze information and assimilate into consumable management reporting
Professional certification such as CISM, CRISC, CISSP or PMP is a plus
Knowledge/experience with data security and privacy regulations (e.g. NIST CSF, ISO 27001, PCI DSS, GDPR).
Effective communication and relationship-building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and problem solve.
Category: Information Technology Group
Iron Mountain is committed to a policy of equal employment opportunity. We recruit and hire applicants without regard to race, color, religion, sex (including pregnancy), national origin, disability, age, sexual orientation, veteran status, genetic information, gender identity, gender expression, or any other factor prohibited by law.