As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.
If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!
Job Description
Your Team
This role will support the Third Party Security Risk function and team within Global Security at Invesco. This position will serve as a security subject matter expert working with third parties, technology, and business partners in ensuring suppliers have implemented adequate security controls to protect Invesco information and technology assets. This position will closely work with Business and Security teams to deliver of high quality, value added assurance and audit reports for a portfolio of outsourced business activities, which meet the requirements of the Boards of Invesco and, their affiliates and of Invesco’s respective regulators, globally. The role will align and liaise with Procurement, Supplier Management, Legal, Compliance, and Technology Governance.
Evaluates and develops data security policies and procedures, safeguarding information and systems and identifying new areas of risk. Prevents, monitors and responding to breaches and cyber-attacks through continuous development of the firm's technical security capabilities.
Your Role
This role will support the Third Party Security Risk function and team within Global Security at Invesco. This position will serve as a security subject matter expert working with third parties, technology, and business partners in ensuring suppliers have implemented adequate security controls to protect Invesco information and technology assets. This position will closely work with Business and Security teams to deliver of high quality, value added assurance and audit reports for a portfolio of outsourced business activities, which meet the requirements of the Boards of Invesco and, their affiliates and of Invesco’s respective regulators, globally. The role will align and liaise with Procurement, Supplier Management, Legal, Compliance, and Technology Governance.
Evaluates and develops data security policies and procedures, safeguarding information and systems and identifying new areas of risk. Prevents, monitors and responding to breaches and cyber-attacks through continuous development of the firm's technical security capabilities.
You Will Be Responsible For:
- Lead third party security risk assessments and communicate third party risks to senior stakeholders
- Provide strong security risk management expertise in the continuous improvement of the Third Party Security Risk Assessment framework, methodology, program, processes and technologies.
- Respond appropriately and lead third party cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody
- Support the risk reporting and key metric processes, and assist with coordinating and communicating results of third party risk assessments to ensure appropriate implementation of controls for accessing or handling firm information
- Respond appropriately and lead third party cyber risk incidents, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody
- Educate business teams on third party information security risk and recommendations
- Review security schedules as part of the contracts; Participate as a subject matter expert in contract negotiations.
- Manage and maintain repositories, tools, and documentation for third party information risk assurance
The Experience You Bring:
- 6+ years of experience in Information Security third party / vendor risk management
- Strong experience in conducting security risk assessment and continuous monitoring of third parties
- Strong experience in security risk assessment methodology and program development
- Strong experience with Third Party Security risk management tools (Process Unity preferred) to automate assessment processes and reporting
- Strong experience in cloud security and application security
- Strong experience with Shared Assessments Third Party Risk Management questionnaire (SIG) is preferred
- Strong understanding of audit / risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
- Comprehensive working knowledge of industry standards (NIST, COBIT, COSO, ITIL)
- Building and managing relationships within the organization
- Proficient in data analysis and reporting
- High proficiency in Microsoft Office (Word, Excel, PowerPoint) required
Full Time / Part Time
Full time
Worker Type
Employee
Job Exempt (Yes / No)
Yes
Workplace Model
At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office.
What’s in it for you?
Our people are at the very core of our success. Invesco employees get more out of life through our comprehensive compensation and benefit offerings including:
- Flexible paid time off
- Hybrid work schedule
- 401(K) matching of 100% up to the first 6% with a discretionary supplemental contribution
- Health & wellbeing benefits
- Parental Leave benefits
- Employee stock purchase plan
The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.
Invesco's culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.