• IT Security Analyst - Third Party Risk Management (TPRM)

    Location Name DE, Wilmington
    Date Posted
    2 months ago(9/26/2018 2:33 PM)
    Berkley Technology Services LLC
    Primary Location
    IA, Urbandale - 3840 109th Street
    Information Technology
  • Company Details

    Berkley Technology Services_Logo


    If you are ready to jump start your career, BTS is the place for you!


    Berkley Technology Services (BTS) is a dynamic company committed to providing world class IT services. We offer a unique culture, enabling our team members to be on the cutting edge of technology while delivering high quality solutions. We are looking for outstanding individuals who will bring unique perspectives, insight and innovation to our teams. BTS, a member company of W. R. Berkley Corporation, has facilities located in Des Moines, Iowa and Wilmington, Delaware. Our functions include working with various third parties to develop, integrate, and support insurance systems of WRBC's operating units. BTS strives to provide these functions in a holistic manner including helpdesk support, system connectivity, and operational support. Additional responsibilities include coordinating communications regarding best practices in the use of our supported systems and researching new technology. At BTS, there are opportunities associated with being a part of an established and empowering corporation while maintaining a positive personal working environment. Additionally, we provide a competitive compensation and benefits package including a casual dress code. BTS is constantly growing and expanding to meet the changing demands of one of the most successful insurance organizations in the world.

    Visit us at to learn more information.


    Position Summary:

    The primary responsibility of the Third Party Risk Management Analyst position will be to conduct formalized Information Security risk assessments of Third Parties, focusing on Information Security and Data Privacy controls. The position will participate as needed in all aspects of TPRM lifecycle starting with information gathering process, due diligence/documentation review, assessing risk including formalized risk analysis and identifying potential gaps and providing security solutions to mitigate risks. This position will interact with individuals all throughout the company as well as third parties.


    Primary Duties & Responsibilities:

    • Review services and data in scope of the assessment and analyze engagement risk ratings.
    • Conduct formal end to end Information Security Risk Assessments (review of questionnaires, third party security audit reports and evidence, onsite assessments, etc.).
    • Document risk assessment in a formal report, including any identified deficiencies in third party’s Information Security program.
    • Work together with the TPRM team and stakeholders to review the assessment and escalate any issues. Work with operating units and partners to get additional information and to properly vet any issues prior to finalizing the report.
    • Review and analyze evidence supporting deficiency remediation efforts prior to closure.
    • Assess remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved.
    • Keep assigned review inventory in the system of record up-to-date.
    • Partner with other Information Security teams, operating units and IT, to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences.
    • Participate in and influence Third Party Risk assessment process improvement, including procedures, processes, project deliverables and reporting initiatives.
    • Build and maintain positive relationships with management, team members, and stakeholders across the company using effective written and oral communication practices.
    • Serve as a subject matter expert and process ambassador as it relates to TPRM related processes, procedures, and workflows.
    • Other duties and special projects as assigned.
    • Travel expected -10%


    Minimum Qualifications:  

    • 3 + years’ experience in Audit/ IT and/or Information Security experience.
    • Experience with Information Security Risk Analysis, including formal risk assessments.
    • Strong oral and written communication skills.
    • Strong analytical and problem-solving skills with the ability to analyze data, identify opportunities, determine solutions, identify and obtaining needed resources, and execute to completion with minimal or no supervision.
    • Exhibit strong relationship management and interpersonal skills, along with excellent written and oral communication skills that include being able to synthesize data, develop recommendations, and influence and persuade partners.
    • Possess a foundational understanding of common technology architectures. Will be able to credibly understand high level system architecture and data flow diagrams for the purpose of identifying gaps and risk.
    • Demonstrate knowledge of key regulatory risks and industry guidance, i.e.  GDPR, NYS Part 500, Sarbanes-Oxley and PCI desired.
    • Ability to effectively communicate complex Information Security Cyber Security issues to non-technical audiences.
    • Understanding the principles of IT Audit, General Controls and/or IT Compliance related standards.
    • Experience with RSA Archer software is preferred, with other GRC software/solutions considered a plus.
    • Financial Services experience preferred.
    • Advanced Information Security certifications (CISSP,  CISA, or similar certifications) preferred.
    • Extremely detail oriented.
    • Excellent organizational and planning skills.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.