Third Party Risk Specialist

Work set-up: Full Remote
Experience: Senior (5-10 years)
Offer summary

Qualifications:

  • Minimum of 7 years of experience in information security and risk management.
  • Proven experience conducting third-party security assessments and vendor risk evaluations.
  • Hands-on experience reviewing SOC-2 Type 2 reports and penetration testing documentation.
  • Extensive knowledge of security frameworks such as NIST CSF and ISO 27001, and of regulatory requirements such as GDPR and HIPAA.

Key responsibilities:

  • Review and analyze SOC-2 Type 2 reports to identify control gaps.
  • Evaluate vendor penetration testing reports and assess remediation efforts.
  • Conduct risk assessments of third-party security questionnaires and security programs.
  • Communicate complex security findings to business stakeholders and create risk reports.

Group 1001 Insurance SME https://www.group1001.com/
501 - 1000 Employees

Job description

Group 1001 is a consumer-centric, technology-driven family of insurance companies on a mission to deliver outstanding value and operational performance by combining financial strength and stability with deep insurance expertise and a can-do culture. Group 1001’s culture emphasizes the importance of collaboration, communication, core business focus, risk management, and striving for outcomes. This goal extends to how we hire and onboard our most valuable assets – our employees.

Why This Role Matters:

We are seeking an experienced Third-Party Risk Management Specialist to join our cyber security team. This role is critical in evaluating and managing the security risks associated with our vendor ecosystem. The ideal candidate will combine deep technical security expertise with strong analytical and communication skills to assess third-party security postures and effectively communicate risk findings to business stakeholders.  You will report to our Director of Security Lifecycle & Architecture.

How You'll Contribute:

  • Review and analyze SOC-2 Type 2 reports, identifying control gaps and security deficiencies
  • Evaluate vendor penetration testing reports, assessing methodology, findings, and the adequacy of remediation
  • Conduct comprehensive analysis of third-party risk questionnaires and security assessments
  • Perform detailed risk scoring and rating of vendor security programs
  • Assess vendor security architecture across cloud environments
  • Translate complex technical security findings into clear business risk language for executive and operational stakeholders
  • Create standardized risk reporting and dashboards for management visibility
  • Lead periodic reviews of critical vendor relationships, conducting risk reassessments and compliance validation

What We're Looking For:

  • Minimum of 7 years of experience in information security and risk management
  • Proven experience conducting third-party security assessments and vendor risk evaluations
  • Hands-on experience reviewing SOC-2 Type 2 reports and penetration testing documentation
  • Extensive knowledge of information security frameworks (e.g., NIST CSF, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS, HITRUST, NYDFS)
  • Proven experience in risk assessment, analysis, and management methodologies
  • Understanding of common attack methods, threat landscape, and security vulnerabilities
  • Experience with security assessments in AWS, Azure, and Google Cloud Platform environments
  • Knowledge of SaaS vendor security models and assessment methodologies
  • Understanding of network architecture, firewalls, infrastructure security, endpoint security, and vulnerability management
  • Knowledge of preventative, detective, and corrective security controls implementation

Compensation:  

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay for this position ranges from $120,000/year in our lowest geographic market up to $140,000/year in our highest geographic market.  Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.

Benefits Highlights:  

Employees who meet benefit eligibility guidelines and work 30 hours or more weekly, have the ability to enroll in Group 1001’s benefits package. Employees (and their families) are eligible to participate in the Company’s comprehensive health, dental, and vision insurance plan options.  Employees are also eligible for Basic and Supplemental Life Insurance, Short and Long-Term Disability. All employees (regardless of hours worked) have immediate access to the Company’s Employee Assistance Program and wellness programs—no enrollment is required.  Employees may also participate in the Company’s 401K plan, with matching contributions by the Company.

Group 1001, and its affiliated companies, is strongly committed to providing a supportive work environment where employee differences are valued. Diversity is an essential ingredient in making Group 1001 a welcoming place to work and is fundamental in building a high-performance team. Diversity embodies all the differences that make us unique individuals.  All employees share the responsibility for maintaining a workplace culture of dignity, respect, understanding and appreciation of individual and group differences.


Required profile

Experience

Level of experience: Senior (5-10 years)
Industry: Insurance
Spoken language(s): English

Other Skills

  • Analytical Skills
  • Collaboration
  • Communication
