Third Party Risk Analyst

Company Description
Zayo provides mission-critical bandwidth to the world's most impactful companies, fueling the innovations that are transforming our society. Zayo's 133,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo's communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.
The Cybersecurity Analyst provides a variety of operational, compliance, and consultative functions. This position helps implement, manage, and monitor technical and administrative controls to protect the confidentiality, integrity, and availability of the organization's information assets. Partners with IT, business units and other Cybersecurity groups to support business and regulatory objectives.
Responsibilities

• Support the GRC team with the implementation and maintenance of compliance requirements across the company's cybersecurity program
• Execute processes to intake, assess and communicate 3rd party risks
• Manage and maintain Third Party Risk Management policies, standards, and procedures
• Support the continuous improvement of risk assessment processes used in the assessment of suppliers
• Oversee, and track timely resolution of Third-Party Risk Management Issues
• Generate documentation, reports, and audit evidence to support validation of the effectiveness of the overall program
• Develop risk scorecards for business units
• Support internal and external audits such as annual SOX, PCI DSS, HIPAA, SOC, ISO and similar
• Collaborate across Cybersecurity, IT, Internal Audit, and Legal organizations to obtain and share knowledge broadly

Qualifications

• BS/BA in related field preferred
• CISSP or CRISC preferred
• 3+ years of experience in governance, risk and compliance and security aspects of information systems, Ebusiness, computer networking, telecommunications, systems development and management
• Experience in developing, documenting and maintaining policies, processes, procedures and standards
• Significant experience with GRC technologies, such as Archer, MetricStream, ServiceNow, etc.
• Strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships
• Ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives
• Strong verbal and written communication skills with attention to detail for high quality work products
• Familiarity with security frameworks (NIST, ISO, CIS)
• One or more related certifications obtained or in process (e.g. ISC2, ISACA, SANS GIAC, CompTIA, ITIL, etc.)

Base pay range: $67,500- $90,000, commensurate with experience
Benefits, Rewards & Wellness

• Excellent Health, Dental & Vision Insurance
• Retirement 401(k) Savings Plan
• Fitness membership discounts
• Generous paid time off policy including paid parental leave

Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.