This position will be responsible for facilitating information gathering from Third Parties for cyber due diligence and performing the subsequent reviews of the materials. The ideal candidate will provide leadership, oversight and management of the Third-Party Cyber Security Risk Management Program, including:
- Understand overall third party cyber security risk management processes, perform third party due diligence assessments and prepare related reporting
- Manage, enhance and implement policies, procedures and program governance to ensure effective cyber security risk management of third parties in accordance with internal and regulatory requirements
- Serve as internal point-of-contact and ensure that the appropriate cyber security controls are embedded throughout the third-party management lifecycle (due diligence; onboarding; monitoring; issue management and escalation; termination)
- Administer a third party management tool as the central repository for third-party cyber security due diligence assessments and monitoring
- Ensure third party adherence to OneMain's cyber security standards and contractual requirements via overseeing and/or directly performing remote and on-site assessments
- Assess identified third party cyber security findings and assist in identifying appropriate controls to mitigate cyber security gaps as well as managing them to closure
- Develop standardized reporting to enable continuous monitoring against program goals
- Engage with the organization and help develop procedures for team members about third party cyber security risks
- Other duties as required (e.g. regulatory/audit support, metrics/reporting)
Preferred Knowledge and Skills
- Demonstrate advanced understanding of cyber security controls related to third party risk management and related standards
- Experience in cyber security and general risk management
- Understands complex cyber security issues as well as emerging technologies and develops creative solutions while ensuring compliance with cyber security laws and regulations. These laws include the Gramm Leach Bliley Act (GLBA), Federal Trade Commission (FTC) requirements and guidelines, the New York Department of Financial Services 23 NYCRR 500 Regulation ('NYDFS'), the California Consumer Protection Act ('CCPA'), and Payment Card Industry Data Security Standards ('PCI DSS'), among others.
- Strong business acumen and strategic thinking skills to enable understanding of third party risks in context of business activities
- Ability to problem solve and identify solutions to third party issues that are appropriate based on business context and risk significance
- Experience with performing remote and on-site third party assessments and/or contract audits
- Ability to adapt to change quickly and manage multiple tasks successfully
- Passion for working collaboratively and cross-functionally with strong commitment to customer service, stakeholder relationships, and high impact communications across all organizational levels
- Bachelor's degree or equivalent work experience
- Possess strong analytical skills with the ability to think critically and question the information gathered.
- Strong communication skills, especially in writing, as the individual will need to create reports on their findings.
- Able to objectively assess third party control environment, and provide recommendations to mitigate risk
- Experience/knowledge of SOC reports, ISO certification, PCI report of compliance and other independent attestation reports for service providers is preferred.
- Experience working with industry frameworks such as CIS Top 20, NIST 800-30, ISO 27002
- Knowledge of the Gramm Leach Bliley Act (GLBA), Federal Trade Commission (FTC) requirements and guidelines, the New York Department of Financial Services 23 NYCRR 500 Regulation ('NYDFS'), the California Consumer Protection Act ('CCPA'), and Payment Card Industry Data Security Standards ('PCI DSS') is a plus
Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.
At OneMain, we understand that for our team members to be their best, they need the right opportunities and benefits. Our comprehensive benefits package for full-time and some part-time employees includes health and well-being options for team members and dependents, up to 4% matching 401(k), tuition reimbursement, continuing education, incentive pay, paid time off, paid volunteer time and more.
OneMain Financial is the country's largest lending-exclusive financial company. With nearly 1,600 branches across 44 states, we proudly offer safe, affordable and transparent installment loans to millions of hard-working people. Our customers turn to us to meet important financial needs, including debt consolidation, medical expenses, household bills, home improvements and auto purchases. OneMain is constantly innovating to serve customers when, where and how they want by investing in our technical digital capabilities. Our steadfast commitment to doing the right thing extends to our customers, our employees and the communities where we live and work - a mission that hasn't changed for more than 100 years.
OneMain Holdings, Inc. is an Equal Employment Opportunity (EEO) and Affirmative Action (AA) employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.