CrawlJobs Logo

Third-Party Information Security Assessor

Costa Rica, Heredia · Job Posted July 04, 2026
Apply Position
Job Link Share

Job Description

The Info Sec Prof Lead Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Job Responsibility

  • Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices
  • Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies
  • Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
  • Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures
  • Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response
  • Disseminate changes to IS regulations and standards to Business and Program owners
  • Provide Information Security advice and counsel as needed
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
  • Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers
  • Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls
  • Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls
  • Analyze the responses and documentations to identify information security weaknesses or non-compliance with Citi standards
  • Produce detailed documentation of assessments and perform threat analyses of gaps identified
  • Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks

Requirements

  • 6-10 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor's degree/University degree or equivalent experience
  • Master's degree preferred
  • 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including: Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/ disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations
  • Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems
  • Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques
  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines
  • Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately
  • Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable
  • Strong risk analysis and problem-solving skills
  • Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously
  • Industry certifications such as CISSP, CISA or CISM are preferred, or capability to be certified in 12 months from the hiring date
  • Advanced English proficiency level is desirable
  • Bachelor's degree/University degree or equivalent experience

Nice to have

  • Additional technical certifications
  • Master's degree
  • Industry certifications such as CISSP, CISA or CISM, or capability to be certified in 12 months from the hiring date
  • Advanced English proficiency level

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Third-Party Information Security Assessor

8 matching positions

Head of Governance, Risk and Compliance - CISO function - BPL

The Head of GRC leads the pillar responsible for ensuring the organisation under...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • CISM, CRISC, or CISSP certification
  • Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation
  • ISO 27001 Lead Auditor or Lead Implementer certification
  • PCI QSA or Internal Security Assessor (ISA) qualification
  • Previous experience in FinTech, Digital Banking, Payment Acquiring organisation
  • Experience with Visa GACS and Mastercard SDP acquirer compliance programmes
  • Significant experience of progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment
  • Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments
  • Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR)
  • Understanding of cloud-native architectures and their implications for compliance and risk management
Job Responsibility
Job Responsibility
  • Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements
  • Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ETL)
  • Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters
  • Own the third-party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk-assessed with a tiered approach proportionate to data access and criticality
  • Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT
  • Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle
  • Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms
  • Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships
  • Own the risk assessment calendar, ensuring both cyclical and event-driven assessments are executed on schedule with appropriate rigour
  • Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time-bound, approved at the appropriate authority level, and reviewed before expiry
What we offer
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Vp - Ai Security & Risk Manager

The Technology department at our client is responsible for creating and continuo...
Location
Location
United States , New York
Salary
Salary:
150000.00 - 175000.00 USD / Year
rennerbrown.com Logo
Renner Brown
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, Data Science, or a related field
  • advanced degree a plus
  • At least 7–10 years of experience in information security, technology risk, or a related field, with a minimum of 3 years focused on AI systems, machine learning security, or AI governance
  • Deep understanding of the AI and LLM landscape, including foundation model architecture, agentic systems, RAG pipelines, and the risk implications of each
  • Hands-on experience evaluating AI platforms and products, including the ability to assess vendor claims about model behavior, data handling, and security controls with appropriate skepticism
  • Familiarity with AI risk frameworks and emerging standards, including NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10, and ISO/IEC 42001
  • Experience with vendor risk management in a regulated financial services environment, including contract negotiation support and third-party security assessments
  • Knowledge of relevant regulatory frameworks including DORA, SOX, SEC cybersecurity disclosure rules, and GDPR/CCPA as they apply to AI data flows
  • Strong technical skills sufficient to evaluate AI system architecture, API security, data pipeline design, and access control models without reliance solely on vendor documentation
  • Excellent communication skills, with the ability to translate highly technical AI risk concepts into clear, decision-ready language for senior leadership, Legal, and Compliance
Job Responsibility
Job Responsibility
  • Own and maintain the firm's AI risk framework, covering model risk, data privacy, adversarial threats, third-party AI, and regulatory compliance
  • Develop and enforce AI usage policies in collaboration with Legal and Compliance, including acceptable use, data classification requirements, and prompt handling standards
  • Maintain an inventory of AI tools deployed firm-wide — both sanctioned and shadow — and assess associated risk profiles
  • Provide regular AI risk reporting to the Head of Technology Risk and senior leadership, including emerging threat trends, vendor posture changes, and control gaps
  • Monitor the evolving regulatory environment for AI (EU AI Act, SEC guidance, DORA, NY DFS) and advise on compliance obligations and required controls
  • Lead security and risk assessments of vendors introducing AI capabilities into existing or new platforms, including evaluating model transparency, data handling practices, and auditability
  • Develop and maintain a structured AI vendor evaluation framework, incorporating criteria for model governance, output reliability, data residency, and incident response obligations
  • Partner with Procurement and Legal to ensure AI-specific provisions are reflected in vendor contracts, including data usage restrictions, model change notifications, and liability terms
  • Maintain a tiered risk register of third-party AI integrations, with ongoing monitoring for material changes to vendor AI functionality, architecture, or ownership
  • Engage directly with vendor security and product teams to assess AI-related controls and drive remediation of identified gaps
  • Fulltime
Read More
Arrow Right

Cyber Security Analyst (NIST Evidence & Compliance)

Robert Half (Technology Solutions) is searching for an Cyber Security Analyst (N...
Location
Location
United States , Chatsworth
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field, equivalent experience considered
  • 3–5+ years of cybersecurity, compliance, or IT security experience
  • Experience with NIST SP 800-171, DFARS 252.204-7012, CMMC Level 2
  • Microsoft Active Directory, Microsoft 365 / Azure, Security logging platforms, Endpoint security tools
  • Understanding of cybersecurity documentation and evidence management practices
  • Experience preparing audit documentation and supporting assessments
  • Strong documentation and organizational skills
  • Ability to communicate technical concepts to non-technical personnel
Job Responsibility
Job Responsibility
  • Must Fully Understand NIST SP 800-171 Controls / what is needed (110 Security Controls in place)
  • Completed Self-Assessment (met some Controls – other Controls not satisfied)
  • Gather Evidence / Artifacts for Audit-Readiness
  • Support Third-Party Assessors during Compliance Assessment
  • Prepare SSPs / POA&Ms / Data Flow & Network Diagrams / Security Training Records / Excel Reports
  • Review Audit Logs to Support Monitoring, Investigation, Reporting
  • Access Control Reviews / Maintain Privileged Account Documentation
What we offer
What we offer
  • Medical
  • Vision
  • Dental
  • Life and disability insurance
  • 401(k) plan
  • Fulltime
Read More
Arrow Right

Vice President - Technology (AI Security & Risk Manager)

The Technology department at our client is responsible for creating and continuo...
Location
Location
United States , New York
Salary
Salary:
150000.00 - 175000.00 USD / Year
rennerbrown.com Logo
Renner Brown
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, Data Science, or a related field
  • advanced degree a plus
  • At least 7–10 years of experience in information security, technology risk, or a related field, with a minimum of 3 years focused on AI systems, machine learning security, or AI governance
  • Deep understanding of the AI and LLM landscape, including foundation model architecture, agentic systems, RAG pipelines, and the risk implications of each
  • Hands-on experience evaluating AI platforms and products, including the ability to assess vendor claims about model behavior, data handling, and security controls with appropriate skepticism
  • Familiarity with AI risk frameworks and emerging standards, including NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10, and ISO/IEC 42001
  • Experience with vendor risk management in a regulated financial services environment, including contract negotiation support and third-party security assessments
  • Knowledge of relevant regulatory frameworks including DORA, SOX, SEC cybersecurity disclosure rules, and GDPR/CCPA as they apply to AI data flows
  • Strong technical skills sufficient to evaluate AI system architecture, API security, data pipeline design, and access control models without reliance solely on vendor documentation
  • Excellent communication skills, with the ability to translate highly technical AI risk concepts into clear, decision-ready language for senior leadership, Legal, and Compliance
Job Responsibility
Job Responsibility
  • Own and maintain the firm's AI risk framework, covering model risk, data privacy, adversarial threats, third-party AI, and regulatory compliance
  • Develop and enforce AI usage policies in collaboration with Legal and Compliance, including acceptable use, data classification requirements, and prompt handling standards
  • Maintain an inventory of AI tools deployed firm-wide — both sanctioned and shadow — and assess associated risk profiles
  • Provide regular AI risk reporting to the Head of Technology Risk and senior leadership, including emerging threat trends, vendor posture changes, and control gaps
  • Monitor the evolving regulatory environment for AI (EU AI Act, SEC guidance, DORA, NY DFS) and advise on compliance obligations and required controls
  • Lead security and risk assessments of vendors introducing AI capabilities into existing or new platforms, including evaluating model transparency, data handling practices, and auditability
  • Develop and maintain a structured AI vendor evaluation framework, incorporating criteria for model governance, output reliability, data residency, and incident response obligations
  • Partner with Procurement and Legal to ensure AI-specific provisions are reflected in vendor contracts, including data usage restrictions, model change notifications, and liability terms
  • Maintain a tiered risk register of third-party AI integrations, with ongoing monitoring for material changes to vendor AI functionality, architecture, or ownership
  • Engage directly with vendor security and product teams to assess AI-related controls and drive remediation of identified gaps
  • Fulltime
Read More
Arrow Right

Senior Security Consultant

We have an exciting opportunity for a Senior Security Consultant to join our gro...
Location
Location
United Kingdom , Glasgow or Reading, Berkshire
Salary
Salary:
Not provided
fsp.co Logo
FSP
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience of designing, leading and delivering cyber governance, risk and assurance outcomes
  • Strong knowledge of recognised cyber security frameworks and standards, including ISO/IEC 27001, NIS Directives, NIST, and UK Government Functional Standards
  • Experience aligning security controls to MOD requirements such as DEFSTAN 05-138, JSP 440, JSP 604 and Defence Cyber Resilience policies
  • Experience applying UK Government security and assurance frameworks, including GovAssure, the Cyber Assessment Framework (CAF), Defence Cyber Certification (DCC) and Government Standard (GovS) 007
  • Relevant academic or professional qualifications, such as, an MSc in cyber security or related specialism, Cyber Essentials Assessor, Cyber Assurance Assessor, CISM, CISSP, PCIRM or ISO/IEC 27001 Lead Implementer or Lead Auditor certification
  • Hold, or are actively working towards, Principal or Chartered Cyber Security Professional (ChCSP) status
  • Eligible to work in the UK and able to obtain and maintain UK security clearances
  • Flexibility to work from home, FSP office locations or at times visit client sites
Job Responsibility
Job Responsibility
  • Lead cyber governance, risk and compliance engagements, applying strong knowledge of cyber threats, risks, controls and mitigations to deliver effective security outcomes
  • Engage with clients to understand their threat landscape and business context, conducting risk and compliance assessments against recognised frameworks (e.g. ISO 27001, NIST, SOC 2)
  • Design, review and advise on the implementation and adoption of information security policies, standards, procedures and frameworks
  • Lead cyber and third-party risk assessments, evaluate supplier security posture, and provide risk-based recommendations for supplier selection and oversight
  • Identify control gaps, document findings, and track remediation activities to support assurance and audit outcomes
  • Produce clear, concise risk and compliance reports for executive and C-suite stakeholders, including prioritised mitigation strategies and improvement roadmaps
  • Contribute to thought leadership and continuous improvement by staying current with industry developments and sharing knowledge across the cyber security community
  • Demonstrate strong communication, stakeholder management and mentoring skills, upholding the highest standards of integrity and professionalism
What we offer
What we offer
  • A collaborative and supportive environment in which you can grow and develop your career
  • The tools and opportunity to do work you can be proud of
  • A chance to work alongside some of the best people in the industry, who always seek to share their knowledge and experience
  • Hybrid working – we empower you to make smart choices about when and where to work to achieve great results
  • Industry leading coaching and mentoring
  • Plus the excellent benefits package we offer at FSP
  • Fulltime
Read More
Arrow Right

Senior Compliance Advisor

We are on the lookout for a competent and enthusiastic Senior Compliance Advisor...
Location
Location
United States
Salary
Salary:
Not provided
quzara.com Logo
Quzara
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s Degree in Information Technology, Cybersecurity, or a related field
  • A minimum of 5 years’ experience in cloud security and compliance, with a strong focus on FedRAMP
  • Demonstrated ability to manage projects efficiently under tight deadlines and budget constraints
  • Proven leadership skills and experience in a role requiring a proactive and hands-on approach
  • Strong negotiation and communication skills, with the ability to engage effectively with technical and compliance professionals
  • In-depth knowledge of cloud security principles and FedRAMP guidelines
Job Responsibility
Job Responsibility
  • Independently lead walkthroughs and manage projects, ensuring adherence to timelines and budgets
  • Efficiently coordinate and produce critical deliverables, including comprehensive policies and procedures documentation
  • Conduct thorough reviews of assessments performed by third-party assessors for accuracy and completeness
  • Skillfully negotiate with federal customers, clarifying and interpreting compliance requirements and control implementations
  • Facilitate fluent conversations with technical architects and compliance experts, bridging technical and compliance perspectives
  • Drive technical discussions on cloud security controls and FedRAMP requirements, demonstrating deep subject matter expertise
  • Execute comprehensive gap assessments, identifying risks and developing strategies for compliance
  • Provide mentorship and guidance to team members, fostering an environment of learning and growth in FedRAMP processes
  • Stay abreast of changes in FedRAMP regulations, ensuring all strategies and processes are up-to-date and compliant
  • Embrace a hands-on, proactive approach to all tasks, demonstrating a strong commitment to achieving project goals and client satisfaction
  • Fulltime
Read More
Arrow Right

Director of Technology - Governance, Risk, and Compliance

We are seeking a Director of Technology - Governance, Risk, and Compliance to de...
Location
Location
United States , San Jose
Salary
Salary:
219000.00 - 290000.00 USD / Year
archer.com Logo
Archer Aviation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8 plus years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security
  • Minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
  • Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks
  • Hands-on experience managing NIST CSF, 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
  • Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC)
  • Deep understanding of ITAR and EAR export control regulations
  • Proficiency in risk management methodologies
  • Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II)
  • Strong communication skills to present complex compliance and risk concepts
  • Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives
Job Responsibility
Job Responsibility
  • Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy
  • Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
  • Establish and manage an enterprise-wide risk management program
  • Design and enforce a control framework
  • Conduct or coordinate regular compliance assessments and internal audits
  • Manage relationships with external auditors, assessors, and regulators
  • Develop and maintain comprehensive compliance documentation
  • Lead the design of third-party and vendor risk management processes
  • Drive compliance training and awareness programs across the organization
  • Stay current with emerging regulatory changes
  • Fulltime
Read More
Arrow Right

Senior Security Program Manager

We are seeking a skilled and detail-oriented Senior Security Program Manager, Pu...
Location
Location
United States , New York
Salary
Salary:
160400.00 - 259150.00 USD / Year
ramp.com Logo
Ramp
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in information security or compliance, with a focus on government and public sector regulatory frameworks (e.g., FedRAMP, GovRAMP, FISMA, NIST RMF)
  • Knowledge of NIST SP 800-53 and experience mapping controls across frameworks
  • Experience with cloud environments like AWS GovCloud or Azure Government, including implementation of compliant architectures
  • Proven ability to manage large-scale compliance programs across diverse stakeholder groups
  • Demonstrated success developing and maintaining regulatory documentation and audit evidence
  • Experience leading engagements with internal teams, assessors, and government partners
  • Strong written and verbal communication skills, including translating between technical and executive audiences
  • Excellent organizational skills and the ability to manage multiple initiatives with competing priorities
  • Self-starter with strong problem-solving abilities in ambiguous, fast-moving environments
Job Responsibility
Job Responsibility
  • Lead all aspects of the compliance lifecycle across multiple public sector frameworks (e.g., FedRAMP, GovRAMP), including risk assessments, continuous monitoring, audits, and authorization management
  • Drive complex cross-functional program management efforts involving teams across security, legal, engineering, infrastructure, and product functions
  • Serve as a subject matter expert on risk management and regulatory compliance for federal, state, and local government environments
  • Develop and maintain comprehensive security documentation aligned with applicable frameworks, including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and data flow diagrams
  • Monitor compliance with control requirements (e.g., NIST 800-53, GovRAMP Baselines) and coordinate the implementation of technical and procedural safeguards
  • Engage with third-party assessors (3PAOs or independent assessors), government sponsors, and internal teams to support assessments and audits
  • Lead readiness assessments and support the prioritization of remediation activities across teams
  • Manage timely tracking and closure of vulnerabilities and findings
  • ensure reporting and documentation obligations are met
  • Provide risk-informed compliance recommendations that influence infrastructure and product development decisions
What we offer
What we offer
  • 100% medical, dental & vision insurance coverage for you
  • Partially covered for your dependents
  • One Medical annual membership
  • 401k (including employer match on contributions made while employed by Ramp)
  • Flexible PTO
  • Fertility HRA (up to $10,000 per year)
  • Parental Leave
  • Unlimited AI token usage
  • Pet insurance
  • Centralized home-office equipment ordering for all employees
  • Fulltime
Read More
Arrow Right