Third Party Assurance Manager

Third Party Assurance  Manager

The Security Governance, Risk & Compliance (GRC) team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution through proactively identifying and mitigating risks to our employees, our product, and most importantly, our customers. 

The ideal candidate will possess extensive experience in designing, implementing and leading the Third Party Assurance program at scale leveraging the overall Third Party Risk Management Framework. This role will be responsible for the ongoing implementation, management monitoring in the enhancement of the existing Third Party Risk Management program designed to ensure third party risks are identified, tracked through closure, and reported while enabling the business to meet its objectives.

Key Responsibilities:

• Implement, manage, and report on the adherence to the Third Party Risk Management Framework.
• Establish a third party performance monitoring program.
• Develop and maintain strong relationships with global cross functional stakeholders and third party suppliers.
• Support the Third Party Risk Management team, as required, or any transformation activities.
• Conduct ongoing Third Party security assessments and make recommendations to management regarding third party risks.
• Develop and perform data analytics capabilities to evaluate and improve operational metrics / reporting for the team.
• Work with Third Parties to provide actionable Third Party guidance and drive remediation in alignment with Okta security standards.
• Build automation and workflows, where possible, to promote efficiencies.
• Develop appropriate security risk assessment procedures as needed.
• Assist in the development of an enhanced view of third party risks into the technical and integration footprint of the third party ecosystem.

Qualifications:

• 5+ years of security assessment experience.
• 5+ years of working experience conducting security assessments on Third Parties across regulations and common industry frameworks including but not limited to ISO 27001, PCI, NIST or other global relevant security frameworks. 
• Strong ability to analyze and interpret common security industry certifications and reports (SOC, ISO, NIST).
• Ability to effectively communicate with both internal and external customers, and ensure security requirements are understood and business needs are prioritized appropriately.
• Knowledge of GRC and TPRM solutions.
• Deep understanding of foundational security principles, standard methodologies (ie logging, data handling, authorization, authentication).
• Excellent verbal, written, and interpersonal skills.
• Comfortable with ambiguity and adaptable to fast changing environments.
• BA/BS degree, or equivalent experience.

#LI-Remote