Invesco

Analyst - Third Party Risk

Posted Yesterday

2 Locations

Mid level

Fintech

The Role

The Analyst will support the Third Party Security Risk team by assessing cybersecurity risks from suppliers, conducting risk assessments, and collaborating with various teams to ensure security policies are upheld.

Summary Generated by Built In

As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.

If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!

Job Description

Your Team

The Third Party Security Risk (TPSR) Team supports the firm's global third party risk management program to identify and communicate data & cyber risks posed by suppliers. TPSR assesses supplier information security, business continuity, and privacy risks in accordance with cybersecurity frameworks and industry best practices.
Your Role

Third Party Risk Analyst will be responsible for supporting the Third Party Security Risk function and team within Global Security at Invesco. This position will serve as a security subject matter expert working with technology and business partners to ensure supplier have established adequate security controls to protect Invesco information and technology assets.
You Will Be Responsible For:

Perform third party security risk assessments and communicate third party risks to senior stakeholders.
Perform ongoing monitoring of third parties through industry benchmarking tools and threat intelligence feeds.
Apply solid understanding of Invesco security policies, and standards to provide timely third party assurance
Partner with legal, compliance, procurement, Technology, Security, and business team to identify supplier security risks and recommends appropriate risk treatment action plans with pragmatic solutions to risk and control issues.
Build sound business relationships across the enterprise to enable a strong understanding and close alignment with business needs, direction, and risk appetite.
Support the risk reporting and key metric processes and assist with coordinating and communicating results of supplier security risk assessments to ensure appropriate implementation of controls for accessing or handling firm information.
Respond appropriately to supplier cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
Educate business teams on supplier information security risk and recommendations.
Manage and maintain repositories, tools, and documentation for supplier information risk assurance.

The Experience You Bring:

Working knowledge of applicable information security standards (e.g. NIST, ISO 27001)
Good understanding of Shared Assessments Third Party Risk Management questionnaire (SIG) is preferred
Good understanding of Information security, audit/risk management methodologies
Good understanding of cloud, application, and Software as a Service (SaaS) security controls.
Good written and oral communication skills.
Familiar with ProcessUnity, ServiceNow, Microsoft Excel and Office.
Ability to co-operate in a team environment
Structured, disciplined approach to work, and good attention to detail
Strong analytical skills with ability to define, collect, analyze data, establish facts, draw valid conclusions, and make fact-based decisions.

Full Time / Part Time

Full time

Worker Type

Employee

Job Exempt (Yes / No)

YesWorkplace Model

At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office.

What’s in it for you?

Our people are at the very core of our success. Invesco employees get more out of life through our comprehensive compensation and benefit offerings including:

Flexible paid time off
Hybrid work schedule
401(K) matching of 100% up to the first 6% with a discretionary supplemental contribution
Health & wellbeing benefits
Parental Leave benefits
Employee stock purchase plan

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.

Invesco's culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.