Third Party Risk Management (TPRM) - IT Security Analyst

at Berkley in Wilmington, Delaware, United States

Job Description

Berkley Technology Services (BTS) is a dynamic company committed to providing world class IT services. We offer a unique culture, enabling our team members to be on the cutting edge of technology while delivering high quality solutions. We are looking for outstanding individuals who will bring unique perspectives, insight and innovation to our teams. BTS, a member company of W. R. Berkley Corporation, has facilities located in Des Moines, Iowa and Wilmington, Delaware. Our functions include working with various third parties to develop, integrate, and support insurance systems of WRBC’s operating units. BTS strives to provide these functions in a holistic manner including helpdesk support, system connectivity, and operational support. Additional responsibilities include coordinating communications regarding best practices in the use of our supported systems and researching new technology. At BTS, there are opportunities associated with being a part of an established and empowering corporation while maintaining a positive personal working environment. Additionally, we provide a competitive compensation and benefits package including a casual dress code. BTS is constantly growing and expanding to meet the changing demands of one of the most successful insurance organizations in the world. Visit us at to learn more information.

The primary responsibility of the Third Party Risk Management Analyst position will be to conduct formalized Information Security risk assessments of Third Parties, focusing on Information Security and Data Privacy controls. The position will participate as needed in all aspects of TPRM lifecycle starting with information gathering process, due diligence/documentation review, assessing risk including formalized risk analysis and identifying potential gaps and providing security solutions to mitigate risks. This position will interact with individuals all throughout the company as well as third parties.

Primary Duties & Responsibilities:

+ Review services and data in scope of the assessment and analyze engagement risk ratings

+ Conduct formal end to end Information Security Risk Assessments (review of questionnaires, third party security audit reports and evidence, onsite assessments, etc.)

+ Document risk assessment in a formal report, including any identified deficiencies in third party’s Information Security program.

+ Work together with the TPRM team and stakeholders to review the assessment and escalate any issues. Work with operating units and partners to get additional information and to properly vet any issues prior to finalizing the report.

+ Review and analyze evidence supporting deficiency remediation efforts prior to closure.

+ Assess remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved.

+ Keep assigned review inventory in the system of record up-to-date

+ Partner with other Information Security teams, operating units and IT, to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences

+ Participate in and influence Third Party Risk assessment process improvement, including procedures, processes, project deliverables and reporting initiatives

+ Build and maintain positive relationships with management, team members, and stakeholders across the company using effective written and oral communication practices.

+ Serve as a subject matter expert and process ambassador as it relates to TPRM related processes, procedures, and workflows

+ Other duties and special projects as assigned

· Travel expected -10% or less

Minimum Qualifications:

+ 3 + years’ experience in Audit/ IT and/or Information Security experience performing technical security assessments of vendors, products, and solutions based on industry standards and frameworks such as PCI, CSA CAI, HIPAA, GDPR, or similar.

+ Experience with Information Security Risk Analysis, including formal risk assessments

+ Strong oral and written communication skills

+ Strong analytical and problem-solving skills with the ability to analyze data, identify opportunities, determine solutions, identify and obtaining needed resources, and execute to completion with minimal or no supervision

+ Exhibit strong relationship management and interpersonal skills, along with excellent written and oral communication skills that include being able to synthesize data, develop recommendations, and influence and persuade partners.

+ Possess a foundational understanding of common technology architectures. Will be able to credibly understand high level system architecture and data flow diagrams for the purpose of identifying gaps and risk.

+ Demonstrate knowledge of key regulatory risks and industry guidance, i.e. GDPR, NYS Part 500, Sarbanes-Oxley and PCI desired.

+ Ability to effectively communicate complex Information Security Cyber Security issues to non-technical audiences

+ Understanding the principles of IT Audit, General Controls and/or IT Compliance related standards

+ Experience with GRC software/solutions considered a plus

+ Financial Services experience preferred

+ Advanced Information Security certifications (CISSP, CISA, or similar certifications) preferred

+ Extremely detail oriented

+ Excellent organizational and planning skills

The Company is an equal employment opportunity employer.

COVID-19 vaccine required unless prohibited by law.

Job ID: 2021-5121

Name: Berkley Technology Services LLC

Street: 101 Bellevue Parkway



Seniority Level:

Mid-Senior Level

Job Functions:

Information Technology

Employment Type:


To view full details and how to apply, please login or create a Job Seeker account
How to Apply Copy Link

Job Posting: JC183964921

Posted On: May 19, 2021

Updated On: Dec 03, 2021