Staff Digital Auditor

Job description

Job Description Summary

As Staff Digital Auditor, you will play a key role in setting the strategy of Third-Party Risk Management (TPRM) for GE Vernova as well as overseeing and governing services delivered by our external Managed Service Provider (MSP). This role is responsible for ensuring that the MSP meets contractual obligations and performance indicators, as well as tracking, reporting and handling escalations.
This role will ensure that our TPRM strategy, standards, and governance framework remain effective, consistent, and aligned with organizational objectives. The individual will act as the GE Vernova point of contact of TPRM governance, driving oversight, compliance, and continuous improvement.

Job Description

Key Responsibilities

·  Governance & Oversight
·  Maintain and operationalize the organization’s TPRM strategy, playbook, standard work, and governance framework.
·  Establish and maintain governance frameworks to oversee MSP TPRM operations.
·  Monitor compliance with contractual obligations and performance indicators (KPIs/SLAs).
·  Conduct regular governance meetings with the external partner and internal stakeholders.

·  Risk & Compliance
·  Ensure adherence to organizational policies, regulatory requirements, and industry standards.
·  Monitor risk assessments, control testing, and remediation of findings.
·  Review and assess supplier-proposed contract redlines related to cybersecurity requirements to ensure alignment with organizational standards and risk posture.

·  Performance Management
·  Track and report on third-party performance, including but not limited to, incident response, vulnerability management, and risk remediation.
·  Review monthly/quarterly security metrics, dashboards, and reports for accuracy and effectiveness.
·  Escalate risks, gaps, and deviations to senior leadership with actionable recommendations.

·  Stakeholder Management
·  Act as the liaison between the TPRM organization and the MSP cybersecurity partner.
·  Partner with DT, Cyber, Legal, Sourcing and Business teams to ensure security alignment with business objectives.
·  Provide clear and timely communication on risks, incidents, and remediation status.

·  Continuous Improvement
·  Drive process improvements in governance, risk management, and compliance monitoring.
·  Monitor industry trends, regulations, and emerging risks to keep TPRM strategy up to date.
·  Benchmark MSP services against industry best practices.
·  Recommend enhancements to security policies, standards, and frameworks.

Skills

·  Strong understanding of third-party/vendor cyber risk management.
·  Experience with cybersecurity frameworks: ISO 27001, NIST CSF, etc.
·  Familiarity with regulatory requirements.
·  Strong audit experience and ability to review technical/operational security reports.
·  Excellent stakeholder management and communication skills.
·  Professional certifications preferred: ISO 27001 LA, CISA etc.

Additional Information

Relocation Assistance Provided: No

- This is a remote position