Third Party Risk Management Consultant

Date: Feb 6, 2019

Location: Erie, PA, US, 16530

Job requisition: 13362

Division or Field Office:

Office Of The President

Department of Position: Employment & Privacy Dept 

Work from:

Corporate Office, Erie, PA


At Erie Insurance, you’re not just part of a Fortune 500 company; you’re also a valued member of a diverse and inclusive team that includes more than 5,000 employees and over 2,200 independent agencies. Our employees work in the Home Office complex located in Erie, PA, and in our Field Offices that span 12 states and the District of Columbia. To attract and retain the best talent, we reward our team members with competitive salaries and a very generous benefits package.


Position Summary

Conducts risk assessments to evaluate the security and integrity of third parties that have access to ERIE data, to confirm that they are properly vetted from an information security, business continuity and recovery, risk management and governance, software/infrastructure development and support, and privacy perspective, and that associated controls are in place or mediated prior to establishing or continuing operations with the third party.

  • This position ideally works from the Home Office in Erie, PA. Consideration may be given for remote work.

Duties and Responsibilities

Leads high visibility information security risk assessments of third parties that are critical to ERIE.


Uses critical thinking to analyze responses to third party assessment questionnaires and reviews supporting documentation (SOC reports, etc.) received from third parties to identify and evaluate the risks at third parties that use a range of diverse technologies in order to establish or continue operations with them.


Interviews key third party personnel to gain additional insight and/or clarify responses to completed questionnaires.


Assesses cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) deployments.


Leads and conducts onsite assessments for evidence around a vendor's capabilities, governance and controls.


Assigns an overall risk rating with refined qualifications based on potential risk in business processes, applications and systems.


Composes assessment reports containing findings and recommendations and presents to the business and the third party.


Works as a subject matter expert with other subject matter experts from the Law, Privacy, Information Security, Enterprise Risk Management, Sourcing and Vendor Management, Business Continuity and Disaster Recovery Departments and business areas to apply risk assessment criteria in line with corporate policies.


Works directly with third parties to assist them in effectively managing operational risks related to the identification of potential areas of concern with business processes, applications and systems.



Works with internal business owners to assist them and, if necessary, build a plan for effectively managing third party operational risks related to business processes, applications and systems.


Works with interdisciplinary teams across ERIE to ensure that identified risks requiring mitigation have a plan developed and executed for resolution.

Promotes and delivers continuous training and awareness to business partners on third party risks and enhances ERIE's internal service model that informs business owners of key risks in a timely manner.


Works with the Law Division and the Sourcing and Vendor Management Department to provide input for contract design related to key provisions for third party risk management.


Brings new ideas and leads projects that improve the risk assessment process.


Stays abreast of industry, regulatory, compliance and cybersecurity issues and best practices.


Provides guidance to Sourcing and Vendor Management on best practices and continuous improvement for processes, assessments and other operational activities.



Ability to Manage Complexity

Decision Making

Developing And Maintaining Relationships


Information Management Skills

Interpersonal Communication

Job-Specific Knowledge

Planning And Organizing

Problem Analysis

Service Orientation

Time Management


Bachelor's degree in Business, Risk Management, Computer Science, Information Technology or related field or equivalent experience required. Six years' related work experience in risk management and/or internal controls required.


Associate’s degree in Business, Risk Management, Computer Science, or Information Technology or related field and eight years’ experience in risk management and/or internal controls; or


High school diploma or GED and ten years’ experience in risk management and/or internal controls required.


Working experience of Information Security and information security control frameworks (NIST, ISO 27001/27002, etc.), insurance or financial services industries, auditing and/or IT auditing (SOC) preferred. Skills in cloud security preferred (Amazon AWS, Microsoft Azure or Google Cloud). This position requires periodic travel. Information security certification (CISA, CISM, CRISC, CISSP, CTPRP or related certifications) preferred.


Physical Requirements

Climbing; Rarely

Driving; Occasional (<20%)

Lifting Over 50 lbs; Rarely

Manual Keying/Data Entry; Frequent (50-80%)

Pushing/Pulling; Rarely

Lifting 0-20 lbs; Occasional (<20%)

Lifting 20-50 lbs; Occasional (<20%)

Nearest Major Market: Erie

Job Segment: Law, Computer Science, Cloud, Compliance, Information Security, Legal, Technology
