We are looking for a talented Manager of Cybersecurity Third Party Risk Management to join our team specializing in Systems/Information Technology for our Corporate Segment in Columbus, IN (some remote/hybrid work expected). The Manager of Cybersecurity Third Party Risk Management oversees risks associated with Cummins’ third-party relationships. In this role, the Manager will define enterprise-level risk limits and thresholds applicable to third party relationships, establish governance standards to guide risk-related decisions, monitoring and escalations; oversee application of these standards; report on third party risk issues to senior management and review third party business risk policy exceptions and parameters. In this role, you will collaborate with the Joint Ventures to assess cyber risk and support the evaluation of mergers, acquisitions, and divestures for cybersecurity. Effective communications, leading teams and influencing without authority are all essential skills for this role.
As the Manager of Third-Party Risk Management, you can deliver on the following responsibilities:
• Oversee risks associated with Cummins third parties, support Merger & Acquisition and Joint Ventures activities in coordination with other functional risk leaders across the company.
• Establish, maintain, and monitor adherence to a risk management framework for third party relationships across enterprise-level requirements for due diligence and selection of third parties, contract negotiation, ongoing monitoring, and termination.
• Maintain an Enterprise-level Third Party Cybersecurity Risk Management Policy that incorporates the framework elements including regulatory expectations.
• Develop qualitative and quantitative monitoring of third-party risks at an enterprise level.
• Consider policy exceptions for third party relationships.
• Identify significant new/emerging risks applicable to third parties and incorporate them into the framework.
• Develop detailed cyber risk reporting and metrics on third party risk issues.
• Conduct Targeted Risk Reviews of business unit compliance with the third-party risk management framework and policy and recommend actions to address any issues noted.
• Report and communicate results of oversight activities.
• Participate in relevant risk and third-party committees and working groups.
• Collaborate closely with the relevant personnel to ensure alignment and partnership.
To be successful in this role you will need the following:
• 10+ years of broad risk management experience with 5+ years in third party risk management.
• Risk assessment and management including evaluating and designing controls, conducting impact assessments, identifying control gaps, risk reporting and risk decision making.
• Business insight skills, including advising and consulting on Joint Ventures and M&A activities for Cybersecurity.
• Skilled in creating visual concepts, creating content, and senior and board level communications.
Compensation and Benefits
Base salary rate commensurate with experience. Additional benefits vary between locations and include options such as our 401(k) Retirement Savings Plan, Cash Balance Pension Plan, Medical/Dental/Life Insurance, Health Savings Account, Domestic Partners Coverage and a full complement of personal and professional benefits.
Cummins and E-verify
At Cummins, we are an equal opportunity and affirmative action employer dedicated to diversity in the workplace. Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law. Cummins validates right to work using E-Verify. Cummins will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization.
October 22, 2021