Technology and Third-Party Risk Management Specialist
hace 3 días
Sant Just Desvern
ppbCity: /b Sant Just Desvern bState: /b Barcelona (ES-B) bCountry: /b Spain (ES) bRequisition Number: /b 45350 /p h3Overview /h3 pThe Technology and Third-Party Risk Management Specialist demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform, and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge’s Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization in alignment with Risk Management standards (e.g., NIST 800-30, 800-37, NIST CSF 2.0). /p h3Essential Functions /h3 ul liServe as liaison to coordinate Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity, risk assessment, risk registering exceptions management, issue management and the alignment against applicable industry best practices (e.g. NIST, ISO, COBIT, PCI DSS) as needed. /li liDefine and identify control gaps, provide recommendations for control process improvements, and support control owners’ corrective action plans for remediation. /li liConduct risk assessments, internal audits, and investigations to identify and address potential compliance issues. /li liConduct end-to-end third-party risk assessments, including inherent risk, due diligence reviews, and ongoing monitoring of vendors and service providers. /li liPerform risk analysis and document findings, including identification of control gaps, risk ratings, and recommended remediation actions aligned with organizational risk appetite. /li liTrack and follow up on remediation activities for identified vendor risks, ensuring timely closure and proper documentation of risk treatment or acceptance. /li liStay informed on evolving regulatory requirements, cybersecurity threats, and industry best practices related to third-party and supply chain risk. /li liParticipate in continuous improvement initiatives, including automation, process optimization, and integration of TPRM within broader enterprise risk management frameworks. /li liProvide subject matter expertise on third-party risk management concepts and advise stakeholders on risk-based decision-making. /li liEffectively utilize process automation and reporting through Bunge’s Governance, Risk and Compliance (GRC) automation – Optro Infosec. /li liActively collaborate and support partner functions across Bunge’s Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity. /li liExecutes short to mid-term strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions. /li liRecognized as an expert, both internally external to Bunge in the design, performance and continuous improvement of governance, risk and compliance related services and capabilities. /li liSupports the evaluation, prioritization, registration, monitoring, and mitigation of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy). /li liLeverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge’s BT and Cybersecurity internal control environment. /li liSolve highly complex, multidimensional problems that require extensive investigation and advanced application of expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. /li liLeverage both a measured reactive and a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance. /li liEffectively partner with colleagues within Bunge’s Governance, Risk and Compliance function, across BT and Cybersecurity, and with various business stakeholders to ensure the adequacy and sufficiency of internal controls and supporting capabilities. /li liActively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals. /li liEducate BT leadership and functional areas about design adequacy, operating effectiveness, and techniques to ensure continuous compliance and improvement over their internal controls. /li /ul h3Qualifications /h3 ul liBachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience. /li li7+ years of experience in compliance and controls assurance, internal audit, or a related field. /li liExtensive knowledge of IT/Cyber Risk Management practices and frameworks required. /li liDemonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required. /li liSolid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. /li liNice to have: Experience with Optro InfoSec preferred (i.e., Cyber Risk Management and Third-Party Risk Management modules). /li liProven experience implementing Information Technology and Cybersecurity frameworks required. Possible examples include, but not limited to: COBIT, NIST CSF 2.0, ISO 27k, NIST 800-30, NIST 800-37, NIST 800-161, NIST 800-53. /li liCertifications such as CISA, CRISC, CGEIT or CISSP preferred. /li liAbility to manage and execute numerous parallel activities in a fast-paced, dynamic environment. /li liAbility to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization. /li liAbility to effectively communicate and articulate risk management in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives. /li liExcellent analytical and problem‑solving skills. /li liActively shapes our company culture (e.g., supporting employee resource groups, mentoring employees, volunteering, joining cross‑functional projects). /li liChampions our cultural norms (e.g., willing to have cameras when it matters, helping onboard new team members, building relationships, etc.). /li liDemonstrate a company ownership mindset, thinking beyond boundaries of their own area and responsibilities. /li liAbility to work with limited direct management to participate in governance, risk and compliance related efforts, improve practices, coordinate cross‑functional activities and to successfully deliver strategic outcomes. /li liRecognized as an expert in risk management and third‑party risk management. /li liCan apply both a measured reactive and a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends, risks and techniques and changes in regulations to ensure continuous compliance. /li liLeverage industry experience and knowledge of applicable best practices (e.g., COBIT, NIST CSF, ISO 27k, NIST 800-30, NIST 800-37, NIST 800-161, NIST 800-53) frameworks, and guidance to establish effective governance, strengthen internal controls, risk‑prioritize requisite remediation, and to improve the overall posture of Bunge’s BT and Cybersecurity programs. /li liApply expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. /li liAbility to work independently and as part of a cross‑functional team. /li /ul /p #J-18808-Ljbffr