IT Manager, Third Party Risk

Location

New York - 225 Liberty Street, Suite 4301 (BP)

Business

At Brookfield Properties, our global network and relationships are here for our tenants and partners — wherever they are in the world. Where going to work never feels routine. We integrate commercial real estate with world-class shops, restaurants, and entertainment, creating spaces where work and play don’t just coexist, but thrive. If you’re ready to be a part of our team, we encourage you to apply.

Job Description

We Are Brookfield Properties:

We are seeking an IT Manager, Third-Party Risk to join the Brookfield Properties U.S. Office Division in New York, NY. In this role, you will play a key part in inspiring change and continual improvement. If you are committed to excellence and ready to contribute to a dynamic culture, we would love to meet you.

The IT Manager, Third-Party Risk will join our Information Security team. Reporting directly to the Director of IT GRC, this pivotal role will oversee the operational and strategic aspects of our third-party cyber risk program. We seek a self-driven leader with a passion for process improvement and the ability to serve as a subject matter expert in vendor and compliance risk management.

Role & Responsibilities:

• Independently conduct thorough third-party information security risk assessments, due diligence, and ongoing oversight of third-party services to ensure compliance and security

• Collaborate with third parties and internal partners to develop and implement corrective action plans, mitigating and resolving third-party risks effectively

• Play a vital role in shaping the department's overall strategy, processes, and approaches, demonstrating strong expertise in cybersecurity and compliance

• Collaborate seamlessly with leadership, multiple internal organizations, external parties, legal, compliance, IT, and business units to leverage relationships, address priority issues, proactively identify, and promptly mitigate risks associated with third-party engagements

• Drive process innovation, including activities like automation, and lead initiatives to enhance the efficiency, effectiveness, and operational capabilities of the third-party risk management program

• Establish and maintain a comprehensive third-party risk register to address potential vulnerabilities across significant risk areas

• Review contractual agreements to ensure proper provisions are included to protect company data in third-party engagements

• Administer program procedures, tools, and related support materials to maintain consistent and effective risk management practices

Your Qualifications:

• Bachelor's degree in Business, Computer Science, Information Technology, or related field. Related certifications (e.g., CISA, CISSP, CRISC) will be helpful

• 7+ years of combined IT and experience in third-party risk management in a global company

• Professional information security experience, including conducting comprehensive third-party risk assessments

• Act as a subject matter expert on third-party risk management, providing guidance and training to internal stakeholders

• Strong knowledge in understanding and ability to review and analyze SOC reports

• Strong knowledge of industry standards and regulations, including ISO 27001, NIST, GDPR, PCI, SOX, and other data/privacy regulations and standards

• Strong understanding and practical experience in implementing risk management frameworks. This includes a comprehensive grasp of the risk management cycle, covering areas such as vulnerabilities, threats, and controls, enabling practical evaluation and mitigation of third-party risks

• Extensive knowledge of data security, access control systems, and related matters

• Ability to deliver regular reports and updates to senior management on the status of third-party risk management efforts, including establishing KPIs and metrics to gauge program effectiveness

• Detail-oriented with excellent analytical, problem-solving, and organizational skills, coupled with strong communication abilities (both written and verbal)

• Proven ability to work independently and in a team environment

• Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables

• Experience with the OneTrust third-party risk management module is a plus

• Knowledge of PowerBI is a plus

• Additionally, may be required to perform other duties as assigned

Compensation:

Salary Type: Non-exempt

Pay Frequency: Bi-weekly

Annual Base Salary Range: $105,000-$135,000

We are proud to create a diverse environment and are proud to be an equal opportunity employer. We are grateful for your interest in this position, however, only candidates selected for pre-screening will be contacted.

#BPUS