• Identify and articulate material risks • Ensure consistency between disclosure and operational reality • Quantify exposure where possible • Maintain defensible documentation • Participate in risk identification processes • Evaluate incident response history • Evaluate security maturity • Monitor controls documentation • Map risks to security and compliance controls • Monitor and evaluate evidence retention • Embed risk into engineering lifecycle • Partner with Security and Platform Engineering • Drive operational risk quantification • Support diligence with architecture fluency • Own the enterprise risk framework • Coordinate with Legal, Finance, and Audit • Build board-level reporting structure

• To help lead the SME Risk team to deliver Secondsight’s Health & Protection Proposition. • Reporting to the Head of Health and Protection, the role will involve leading the SME risk team, while also proactively managing an existing portfolio book, providing a high-quality consulting and advisory service to clients. • Incorporate managing our PPA and working with the leading risk insurers. • As a Line Manager, to be directly responsible for the day-to-day management of the team including; effective resourcing, delegation of tasks, performance management (via monthly continuous performance reviews), development and engagement. • Overall responsibility for a portfolio of protection schemes for a range of corporate clients, which will include: • Fact Find/initial advice calls • The preparation of quote specifications, review of quotations, negotiation with insurers and preparation of review/renewal reports. • Face to Face and telephone advice meetings with clients • Generating additional revenue opportunities • Answer and deal with inbound calls from clients, employees and benefit providers. • Adherence to the new business process for prospects

• Serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems. • Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. • Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.

Title: Senior Third-Party Risk & Controls Analyst Location: Allen United States Job Description: Job Title: Senior Third-Party Risk & Controls Analyst Duration: Short‑term contract Location: Allen, Texas - Remote Required Pay Scale: $80-$86/hr - Due to client requirements this role is only open to USC or GC candidates* Job Summary: The Senior Third‑Party Risk & Controls Analyst leads complex control testing, evidence validation, and audit‑readiness activities across multiple business units. This role partners directly with process owners to walk through workflows, validate control design and effectiveness, support RCSAs, and strengthen the overall control environment. Senior analysts are expected to operate independently, mentor junior testers, and drive higher‑quality documentation and testing rigor. Project Details: Project Description & Tech Stack: Review internal controls, test them, document results, and work directly with business partners to gather evidence and strengthen their control environment. Daily work includes walkthroughs with process owners, validating how controls operate, confirming documentation, and ensuring audit readiness. Tools: RSA Archer (core), ServiceNow GRC, MetricStream, Excel, internal control libraries. Project Goal / Current Phase: Improve control maturity, validate design and effectiveness, close evidence gaps, and prepare business units for upcoming audits. Currently in active testing, documentation, and remediation tracking. Project Type: Controls testing, evidence review, audit readiness, RCSA support, standardized test procedure execution. Must Haves - 3-5+ years working in RSA Archer (records, controls, assessments, evidence, issues) - 5+ years in Risk & Controls, Internal Audit, or Compliance Testing - Experience supporting a Unified Control Library • Strong understanding of Test of Design vs. Test of Effectiveness - Sampling, evidence review, issue/CAP tracking - RCSA execution/support - Familiarity with regulatory frameworks: NIST, ISO, SOC, SOX, HIPAA, PCI - Experience writing/executing STPs - Strong communication and documentation skills - Ability to work directly with business owners and manage multiple tasks Desired Skills - GRC tools: RSA Archer, ServiceNow GRC, MetricStream - Attestation workflows or continuous monitoring - Risk scoring and control ratings - BFSI or regulated industry experience About Matlen Silver Experience Matters. Let your experience be driven by our experience. For more than 40 years, Matlen Silver has delivered solutions for complex talent and technology needs to Fortune 500 companies and industry leaders. Led by hard work, honesty, and a trusted team of experts, we can say that Matlen Silver technology has created a solutions experience and legacy of success that is the difference in the way the world works. Matlen Silver is an Equal Opportunity Employer and considers all applicants for all positions without regard to race, color, religion, gender, national origin, age, sexual orientation, veteran status, the presence of a non-job-related medical condition or disability, or any other legally protected status.