Citrix Systems Inc. Third Party Vendor Risk Manager in United States
We believe work is not a place, but rather a thing you do. Our technology revolves around this core philosophy. We are relentlessly committed to helping people work and play from anywhere, on any device. Innovation, creativity and a passion for ever-improving performance drive our company and our people forward. We empower the original mobile device: YOU!
Location: Fort Lauderdale
Requisition: R21274 Third Party Vendor Risk Manager (Open)
Job Posting Title: Third Party Vendor Risk Manager
What we're looking for:
You have proven experience developing an effective and streamlined Vendor Risk Management process and implementing Vendor Risk Management tools.
As the Third Party Vendor Risk Manager you will manage the overall Vendor Risk Management function at Citrix and identify, monitor, and mitigate risks and gaps associated with third-party technology and security providers. Vendor risk management will include the ongoing compliance assessments, coordination, execution and analysis of vendor security practices, governance and regulatory compliance. In addition, you will be tasked with compiling data and completing documentation related to vendor risk, as well as ensuring that the issues that arise are appropriately captured, assessed, and mitigated to acceptable levels. This role will require strong collaboration and teaming skills across different departments at Citrix to ensure there is a streamlined Third Party Risk Management process. This role will be part of Digital Risk Governance Group, reporting to the Director thereof.
Primary Job Responsibilities
Develop, coordinate, and implement vendor risk management frameworks, policies and processes within a broader enterprise, operational and technology risk management model.
Implement or optimize Vendor Management Tools, where applicable.
Perform due diligence on an individual third party relationship to assess the technology and other business related risks.
Develop, coordinate, plan and execute security assessments of third-party vendors focusing on compliance with regulations, company policies, and internal controls.
Facilitate and manage risk assessments and/or security initiatives from communication, approval and report distribution to key stakeholders, business units and management.
Review internal and external security and technical test reports (audit, vulnerability and penetration test results, business resiliency plans, etc.) to validate the effectiveness of operational controls.
Capture, present and effectively communicate the status and risk exposure of overall vendor risk for different levels of stakeholders (management, executive leadership team, committees).
Develop, monitor and possibly execute vendor remediation actions and mitigation plans when risks or events are identified.
Collaborate with information security, IT, procurement, compliance and other teams, as needed, to maintain an effective vendor management program.
Manage vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies.
Communicate identified risk requirements and mitigation plans to internal stakeholders and responsible vendors while supporting the response to and addressing of these issues.
Represent the Citrix Digital Risk Governance team as part of a cross-functional work group for vendor risk reduction.
Build communication and escalation plans around vendor risk management activities.
Influence vendors and business partners to ensure compliance with risk management policies.
Work with regulatory officers and auditors as necessary.
Willingness to participate in other governance and compliance technology projects.
Ideally three to five years of experience in managing risk and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation and remediation of risk.
Ability to lead others, work as part of a team, and independently.
Technical background or demonstrable understanding of a range of security and IT risks and operations.
Strong business background; experience gathering and interpreting risks and associated impacts in context of financial and operational concerns.
Strong understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits.
Strong interpersonal and collaboration skills across different departments.
Excellent communication skills (verbal and written) and ability to interact with external third parties, vendors and partners
Familiar with assessment frameworks/standards (e.g. NIST framework, ISO/27000 Series, BITS SIG, SOC 1, SOC 2)
Familiarity with local/regional/global industry and government regulations: Sarbanes-Oxley Act, Payment Card Industry Security [PCI] Standards, Health Insurance Portability and Accountability Act [HIPAA] and FedRAMP
Experience influencing third parties and managing vendor relationships.
Ability to work in a fast paced environment and multi-task.
Ability to prioritize and organize work
MBA or other advanced degree is desirable
Desired professional qualifications may include:
Certification in Risk Management Assurance (CRMA)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Requires deep knowledge of job area obtained through advanced education combined with experience.
Viewed as having a specialty within discipline. May have broad knowledge of project management.
Requires a University Degree or equivalent experience and minimum 8 years of prior relevant experience; or Master’s degree with 6 years; or PhD with 3 years of experience
What you’re looking for:
Our technology is built on the idea that everyone should be able to work from anywhere, at any time, and on any device. It’s a simple philosophy that guides everything we do — including how we work. If you’re an engineer, we’ll give you plenty of ways to test your skills on cutting edge technology. We want employees to do what they do best, every day.
Be bold. Take risks. Imagine a better way to work. If this sounds like you then we’d love to talk.
Functional Area: Security and Technology Governance and Compliance
Citrix is a cloud company that enables mobile workstyles. We create a continuum between work and life by allowing people to work whenever, wherever, and however they choose. Flexibility and collaboration is what we’re all about. The Perks: We offer competitive compensation and a comprehensive benefits package. You’ll enjoy our workstyle within an incredible culture. We’ll give you all the tools you need to succeed so you can grow and develop with us.
Citrix Systems, Inc. is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination on the basis of age, race, color, gender, sexual orientation, gender identity, ethnicity, national origin, citizenship, religion, genetic carrier status, disability, pregnancy, childbirth or related medical conditions, marital status, protected veteran status and other protected classifications.
Citrix uses applicant information consistent with the Citrix Recruitment Policy Notice at https://www.citrix.com/about/legal/privacy/citrix-recruitment-privacy-notice.html
Citrix welcomes and encourages applications from people with disabilities. Reasonable accommodations are available on request for candidates taking part in all aspects of the selection process. If you are an individual with a disability and require a reasonable accommodation to complete any part of the job application process, please contact us at (877) 924-8749 or email us at ASKHR@citrix.com for assistance.
If this is an evergreen requisition, by applying you are giving Citrix consent to be considered for future openings of other roles of similar qualifications.
Citrix (NASDAQ:CTXS) aims to power a world where people, organizations and things are securely connected and accessible to make the extraordinary possible. We help customers reimagine the future of work by providing the most comprehensive secure digital workspace that unifies the apps, data and services people need to be productive, and simplifies IT’s ability to adopt and manage complex cloud environments. With 2017 annual revenue of $2.82 billion, Citrix solutions are in use by more than 400,000 organizations including 99 percent of the Fortune 100 and 98 percent of the Fortune 500.