Risk Analyst - Vendor Risk and Compliance
Category

Consulting & Strategy

Location

Nationwide

Summary

We are seeking to hire a talented Risk Analyst with expertise in IT, Supply Chain, or Cybersecurity to join our team. The ideal candidate will be responsible for assessing vendor risk and compliance with security standards, ensuring alignment with organizational objectives and regulatory requirements.

  • Minimum Qualification: Degree
  • Experience Level: Mid level
  • Experience Length: 4 years

Description

  • Conduct comprehensive assessments of vendor risk and compliance with security standards, including evaluation of security controls, policies, and procedures.
  • Collaborate with cross-functional stakeholders to define risk assessment criteria, methodologies, and scoring frameworks, ensuring consistency and accuracy in risk analysis.
  • Evaluate vendor contracts, agreements, and service level agreements (SLAs) to identify security requirements and compliance obligations.
  • Analyze vendor security documentation, such as security questionnaires, assessments, and audit reports, to assess the adequacy and effectiveness of security measures.
  • Identify gaps, vulnerabilities, and areas of non-compliance with security standards, and develop risk mitigation strategies and remediation plans.
  • Communicate findings and recommendations to key stakeholders, including senior management, procurement teams, and vendor management offices.
  • Monitor and track vendor risk remediation activities, ensuring timely resolution of identified issues and compliance gaps.
  • Stay abreast of industry trends, regulatory changes, and emerging threats in IT security and supply chain risk management, and provide insights and recommendations to enhance organizational resilience.

Qualification

  • Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field. Master's degree preferred.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification preferred.
  • Minimum of 4 years of experience in risk management or vendor management roles, with a focus on IT security, supply chain, or cybersecurity.
  • Strong understanding of security frameworks and standards, such as ISO 27001, NIST Cybersecurity Framework, and GDPR.
  • Experience conducting risk assessments, security audits, and compliance reviews for vendors and third-party service providers.
  • Proficiency in risk assessment tools and methodologies, such as risk matrices, heat maps, and risk scoring models.
  • Excellent communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels of the organization.
  • Strong analytical and problem-solving abilities, with a demonstrated track record of identifying and mitigating security risks and compliance issues.

Method of Application
Follow the link to apply.
Date Posted

09 May, 2024
