Enterprise Security Contract Lead
Employment Type: Full-Time
Enterprise Security Contract Lead - INF001602
The Enterprise Security Contract Lead is tasked with crafting, updating, and negotiating the security language in all technology purchasing agreements. The role partners with our Sourcing and Procurement team members and other multi-functional teams to identify the technical design and security requirements/risks and to influence partners. Negotiate and execute risk-based decisions that align with UScellular's risk tolerance. Drive the strategy and process that ensure the company is making informed, best security contract decisions. Act as the informal leader for security on sourcing, procurement, and risk assessment. Accountable for educating other teams' members as well as members of the Sourcing and Procurement team on the security contract standard methodologies and risk.
* Negotiate with third parties and redline Security Contract Plug-ins as needed, staying in alignment with the company's risk tolerance procedures.
* Build and create business cases/value propositions for identified sourcing opportunities
* Actively mentor and train team members on Third-Party Risk Management processes, governance, and frameworks
* Build and manage relationships with key partners and work multi-functionally with team members to support and drive a participatory team environment
* Develop, organize, and document remediation action plans.
* Develop, influence, and lead new risk policies, practices, appetites, and solutions to ensure holistic understanding and management of contract risks according to industry standard methodology
* Design, improve, and add to strategies, tools, and methodologies to measure, monitor, and report contract risk.
* Technical knowledge of a wide range of information security and business continuity controls and the processes used for evaluating their design and efficiency.
* Possess strong written and verbal interaction skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources.
* Update Security Contract Plug-ins as needed, collaborating with Security Architecture team
* 10+ years of progressively responsible professional experience, specifically with third-party risk management, assurance and/or oversight or relevant supplier or third-party audit or compliance contract exposure.
* Information Security Controls (Infrastructure Security, Access Management, Physical Security, Application Security, etc.)
* Skilled in NIST, ISO, SDLC, COBIT, IT Compliance, SOX, CPNI, PCI Compliance and ITIL standards.
* Expert knowledge of Third-Party Risk Management processes and methodologies.
* Proficiency with data analysis skills and problem-solving abilities.
* Good interpersonal, written, and oral communication skills.
* Previous information technology/security audit/assessment experience.
* Ability to demonstrate good attention to detail and analytical skills.
* Ability to multi-task and work both independently as well as part of an assessment team.
* Proficiency in planning, executing and detailing assessment activities following established processes and procedures or establishing process and procedures as needed.
* Experience establishing risk appetite frameworks.
: Information Technology
U.S. Cellular® is an EEO employer and gives consideration to qualified applicants without regard to race/color/age/religion/sex/sexual orientation/gender identity/national origin/disability/veteran status, pregnancy or genetic information.