ISSO GRC Third Party Security
Meta

Job Info

We are creating an operationally effective and highly efficient "service of common concern" for all Integrity, Security, Support, and Operations (ISSO) Governance, Risk, and Compliance (GRC) needs, ensuring Integrity, Security, Support, and Operations continue to meet global regulatory requirements and manage risk. Meta's ISSO GRC is the central engine driving risk management and compliance at the company, supporting Meta and the family of apps. Security engineering is a critical component of supporting integrity and security risk domain governance, risk, and compliance (GRC). GRC initiatives are designed to enable the business to proactively manage risk, to protect sensitive information, and to meet or exceed legal and regulatory obligations and expectations.We're seeking deeply experienced, integrity and security talent to help enable and safeguard Meta's products and services which have a truly global scale. Our goal is to make Meta the premier place to work for governance, risk, compliance, security, and integrity professionals.

ISSO GRC Third Party Security Responsibilities:

• Collaborate with team members and stakeholders to understand or identify defined work problems and program goals, prioritize deliverables, and discuss program impact.
• Identify and implement opportunities for increased automation across the program factoring in emerging regulations and proactive detection of risks.
• Increase Integration of systems to provision simplified engagements for the business, consolidated and efficient workflows, and consumable view of risk for leadership
• Designing, implementing, and/or assessing security controls
• Validating vulnerability assessments, controls testing outcomes
• Identification of risks and detailing of a mitigation plan to ensure that the project stays on track, or is brought back on track in the event of delays or blockers.
• Providing technical challenge to risk domain strategies, products, designs, features, components.
• Support business travel on an as needed basis (up to 10%)

Minimum Qualifications:

• 4 + years of experience in information security, cybersecurity, transparency reporting, integrity, and/or technology risk including one or more domains (e.g., access management, vulnerability management, change management, business continuity, application security, asset management).
• 2 + years of experience in undertaking and managing programs of work to deliver cyber security assessments that validate the existence and effectiveness of controls to assure the confidentiality, integrity and availability of data held within third party systems.
• 2 + years of experience in assessing security deficiencies in information systems and recommending mitigating controls in a corporate environment. Negotiates technical capabilities and remediation plans with senior cyber security leaders in third party suppliers.

Preferred Qualifications:

• BSc/MSc or equivalent experience in Computer Science, Information Systems, Engineering, Cybersecurity or related field
• Experience in technical challenge and validation of controls and features effectively analyzing risk, compliance, and maturity within the context of business, and technology problems
• Experience in effectively analyzing risk, compliance, and maturity within the context of business, and technology problems.
• Industry qualification (CISSP / CISA or similar)

About Meta: