Support the Security & Compliance team in delivering vendor risk management services across the organization.
Well-versed in performing vendor risk assessments and managing overall vendor portfolio in a GRC platform.
Perform vendor risk assessments for new and existing vendors.
Responsible for reviewing questionnaires and evidence as part of performing vendor risk assessments.
Knowledge of partnering with Legal and Privacy on an ongoing basis in the review of information security contractual requirements.
Knowledge of Cloud computing and how to assess Cloud-related risks (SaaS, PaaS, IaaS).
Knowledge of the overall Procurement process and understanding of Information Security s role in the process.
Design and update vendor risk management procedural documentation as needed.
Perform vendor compliance risk tracking, trending, analysis, and executive reporting.
Develop and analyze Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
Support integration or improvements of GRC tooling into existing policy, process, workflows, and procedures as necessary to improve efficiency and mitigate risk.
Keep abreast of the latest security, privacy, business continuity, regulatory concerns, and best practices impacting third-party risk management.
What youll bring:
7+ years of experience as a Security Risk Analyst/Consultant
Proficient verbal and written communication skills
Prior experience conducting audits
Knowledgeable of information security standards and regulations (e.g. FedRAMP, NIST, ISO 27001, SOC 2/SSAE18)
One or more of the following certifications: CISA, CRISC, CISM, CISSP
Prior experience with GRC tools like StandardFusion, Archer etc.
