New York, New York, USA
17 days ago
IT Manager, Third Party Risk

Location

New York - 225 Liberty Street, Suite 4301 (BP)

Business

At Brookfield Properties, our global network and relationships are here for our tenants and partners — wherever they are in the world. Where going to work never feels routine. We integrate commercial real estate with world-class shops, restaurants, and entertainment, creating spaces where work and play don’t just coexist, but thrive. If you’re ready to be a part of our team, we encourage you to apply.

Job Description

We Are Brookfield Properties:

We are seeking an IT Manager, Third-Party Risk to join the Brookfield Properties U.S. Office Division in New York, NY. In this role, you will play a key part in inspiring change and continual improvement. If you are committed to excellence and ready to contribute to a dynamic culture, we would love to meet you.

The IT Manager, Third-Party Risk will join our Information Security team. Reporting directly to the Director of IT GRC, this pivotal role will oversee the operational and strategic aspects of our third-party cyber risk program. We seek a self-driven leader with a passion for process improvement and the ability to serve as a subject matter expert in vendor and compliance risk management.

Role & Responsibilities:

Independently conduct thorough third-party information security risk assessments, due diligence, and ongoing oversight of third-party services to ensure compliance and security

Collaborate with third parties and internal partners to develop and implement corrective action plans, mitigating and resolving third-party risks effectively

Play a vital role in shaping the department's overall strategy, processes, and approaches, demonstrating strong expertise in cybersecurity and compliance

Collaborate seamlessly with leadership, multiple internal organizations, external parties, legal, compliance, IT, and business units to leverage relationships, address priority issues, proactively identify, and promptly mitigate risks associated with third-party engagements

Drive process innovation, including activities like automation, and lead initiatives to enhance the efficiency, effectiveness, and operational capabilities of the third-party risk management program

Establish and maintain a comprehensive third-party risk register to address potential vulnerabilities across significant risk areas

Review contractual agreements to ensure proper provisions are included to protect company data in third-party engagements

Administer program procedures, tools, and related support materials to maintain consistent and effective risk management practices

Your Qualifications:

Bachelor's degree in Business, Computer Science, Information Technology, or related field. Related certifications (e.g., CISA, CISSP, CRISC) will be helpful

7+ years of combined IT and experience in third-party risk management in a global company

Professional information security experience, including conducting comprehensive third-party risk assessments

Act as a subject matter expert on third-party risk management, providing guidance and training to internal stakeholders

Strong knowledge in understanding and ability to review and analyze SOC reports

Strong knowledge of industry standards and regulations, including ISO 27001, NIST, GDPR, PCI, SOX, and other data/privacy regulations and standards

Strong understanding and practical experience in implementing risk management frameworks. This includes a comprehensive grasp of the risk management cycle, covering areas such as vulnerabilities, threats, and controls, enabling practical evaluation and mitigation of third-party risks

Extensive knowledge of data security, access control systems, and related matters

Ability to deliver regular reports and updates to senior management on the status of third-party risk management efforts, including establishing KPIs and metrics to gauge program effectiveness

Detail-oriented with excellent analytical, problem-solving, and organizational skills, coupled with strong communication abilities (both written and verbal)

Proven ability to work independently and in a team environment

Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables

Experience with the OneTrust third-party risk management module is a plus

Knowledge of PowerBI is a plus

Additionally, may be required to perform other duties as assigned

Compensation:

Salary Type: Non-exempt

Pay Frequency: Bi-weekly

Annual Base Salary Range: $105,000-$135,000

We are proud to create a diverse environment and are proud to be an equal opportunity employer. We are grateful for your interest in this position, however, only candidates selected for pre-screening will be contacted.

#BPUS

Confirm your E-mail: Send Email