Analyst III - Information Security (IN)

We are seeking a highly skilled and motivated Cyber Risk Analyst III with a primary focus on Third-Party Risk Management and strong expertise in data analytics. In this role, you will be responsible for managing and analyzing third-party cyber risks, ensuring our organization maintains a robust cybersecurity posture. You will play a pivotal role in the execution of our Third-Party Risk Management (TPRM) strategy by conducting thorough risk assessments, due diligence, and ongoing monitoring to identify and mitigate potential vulnerabilities. This role also emphasizes leveraging advanced data analytics techniques to uncover risks, support strategic decision-making, and strengthen our overall risk management framework.

Key Responsibilities:

• Third-Party Risk Management:

  • Lead and support the organization's third-party risk strategy by conducting comprehensive risk assessments, ensuring due diligence processes are followed, and monitoring third-party relationships in compliance with the Third-Party Risk Management (TPRM) policy.
  • Identify gaps in third-party risk management processes and work to remediate them effectively.
  • Collaborate with cross-functional teams to ensure third-party security practices align with organizational goals and compliance standards.

• Cyber Risk Analytics:

  • Collect, analyze, and interpret cybersecurity data from multiple sources to measure and understand third-party and organizational cyber risks.
  • Develop and maintain data models that effectively represent the risk landscape, with a focus on third-party relationships.
  • Utilize advanced analytics techniques to identify patterns, trends, and potential threats in third-party ecosystems that could impact the organization.
  • Prepare and present actionable reports on findings, including recommendations to mitigate identified risks.

• Risk Governance and Compliance:

  • Assist in defining and refining processes and procedures for information security governance programs and risk management frameworks.
  • Conduct security assessments and analysis activities, ensuring compliance with information security policies, procedures, and standards.
  • Report residual risks, vulnerabilities, and other security exposures, including third-party risks, to senior technical executives and recommend mitigation strategies.

Incident Response and Monitoring:

• Manage, review, and respond to third-party-related security alerts, escalations, and incidents, identifying root causes and recommending remediation plans.
• Implement continuous monitoring processes to track third-party cyber risk indicators and ensure timely identification of emerging threats.
• Other duties as assigned.

.

WORK EXPERIENCE & EDUCATIONAL QUALIFICATIONS:

• 4+ years of relevant experience, preferably in information security.
• Manage and respond to third-party security alerts and incidents.
• Implement continuous monitoring for cyber risk indicators.
• Perform other duties as assigned.
• Refine processes for information security governance and risk management.
• Conduct security assessments to ensure compliance with policies.
• Report risks and vulnerabilities to senior executives, including mitigation strategies.
• Collect and analyze cybersecurity data to understand risks.
• Develop data models representing the risk landscape.
• Identify patterns and trends in third-party ecosystems.
• Prepare actionable reports with risk mitigation recommendations.
• Lead and support third-party risk strategy and assessments.
• Ensure due diligence and compliance with Third-Party Risk Management (TPRM) policy.
• Identify and remediate gaps in third-party risk processes.
• Collaborate with teams to align third-party security with organizational goals.
• Bachelor’s Degree in Computer Science, Information Technology, or a related discipline, or equivalent experience.

Preferred Certifications:
• Certified Cloud Security Professional (CCSP)
• Certification in Information Security Strategy Management (CISM)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Security + Certification
• Systems Security Certified Practitioner (SSCP)
• TS-SCI Security Clearance Certification

SKILLS & KNOWLEDGE:
Behavioral Skills:
• Critical Thinking
• Detail Oriented

• Impact and Influencing
• Interpersonal Communication
• Multitasking
• Problem Solving

Technical Skills:
• Application Architecture
• Cybersecurity
• Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)
• IT Risk Management
• Network Solutions and Systems
• Programming and Development
• Root Cause Analysis
• Software Development Life Cycle (SDLC)
• Threat Modelling

Tools Knowledge:
• Microsoft Office Suite
• Programming and Development Languages - JavaScript, HTML/CSS, Python, SQL
• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

What Cencora offers

​Benefit offerings outside the US may vary by country and will be aligned to local market practice. The eligibility and effective date may differ for some benefits and for team members covered under collective bargaining agreements.

Affiliated Companies

Equal Employment Opportunity

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned