Location: Remote – Pacific or Mountain Time Zone Required
Compensation: $70,000 - 80,000 per year, depending on experience and qualifications.
Employment Type: Full-Time
What you can expect as the Third-Party Risk Advisor at Fortress…
As a Third-Party Risk Advisor, you will have the opportunity to play a direct role in supporting critical infrastructure and protecting national security. In this position, you serve as a trusted front-line expert, helping organizations identify, assess, and remediate cybersecurity and third-party risks across the energy sector. Additionally, this role offers continuous learning and career growth through direct exposure to leading security frameworks such as NIST 800-53, ISO 27001, and NIST CSF. It also provides a client-facing environment that sharpens professional communication and leadership skills. For those driven by purpose and precision, and who take pride in advancing security standards, this role offers both a challenge and a mission.
Responsibilities Include
- Conduct comprehensive cyber risk assessments of third-party vendors, including analysis of security controls, policies, and compliance postures.
- Provide responsive, professional support to clients and offer strategic recommendations to reduce vendor-related cyber risk.
- Serve as the primary point of support for PG&E’s third-party risk program, managing assessments, communication, and coordination throughout each engagement.
- Build strong client relationships and deliver excellent customer service through clear communication and timely follow-up.
- Collaborate across internal teams to ensure risk findings are clearly communicated and effectively addressed.
- Facilitate vendor risk review meetings and engage with legal, procurement, and IT teams to align on risk outcomes and remediation.
- Support clients in understanding regulatory obligations and frameworks such as ISO 27001, NIST 800-53, NIST CSF, and NERC CIP, and help translate technical findings into business-relevant insights.
Minimum Qualifications
- Must reside in the Pacific or Mountain Time Zone (Arizona, Idaho, Oregon, Montana, New Mexico, Utah, Washington, or Wyoming) and be available to work standard business hours aligned to that time zone.
- 3–5 years of experience in cybersecurity, with a focus on third-party risk, consulting, or vendor risk assessments.
- Strong knowledge of cyber risk management frameworks and vendor risk assessment methodologies.
- Excellent communication and presentation skills, able to translate technical risk findings into business impact for clients.
Preferred Skills
- Experience working at a Big Four accounting or consulting firm.
- Background in highly regulated industries such as financial services (e.g., PCI, GLBA), energy (e.g., NERC CIP), and/or healthcare (e.g., HIPAA) is a plus.
- Demonstrated ability to effectively prioritize tasks and manage workloads to meet tight deadlines and challenging objectives.
- Professional certification in security or risk management (e.g., CISA, CRISC, CTPRP, or other recognized cybersecurity risk certifications).
Education
- Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field.
Employee Benefits
- Remote and Hybrid working environment
- Competitive pay structure
- Medical, dental, vision plans with employees covered up to 90% with highly progressive options for dependents and families
- Company paid life, short- and long-term disability insurance
- Employee Assistance Program
- 401(k) match
- Flexible Paid Time Off
- Parental Leave
- Access to thousands of Learning & Development courses that range from mental health and wellbeing, stress, and time management to an array of technical and business-related courses
Employment Perks
- We provide each employee with professional growth opportunities through succession planning, up-skilling, and certifications
- Tuition and certification reimbursement
- Employee Referral Programs
- Company Sponsored Events
Fortress is proud to be an Equal Opportunity Employer. All employees and applicants will receive consideration for employment without regard to age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. Fortress Information Security takes part in the E-Verify process for all new hires.
For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will have to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.