Position:
RISK ANALYST – VENDOR RISK AND COMPLIANCE
Location: REMOTE
Employment Type: 12 MONTHS CONTRACT (RENEWABLE)
Position Overview:
We are seeking to hire a talented Risk Analyst with expertise in IT, Supply Chain, or Cybersecurity to join our team. The ideal candidate will be responsible for assessing vendor risk and compliance with security standards, ensuring alignment with organizational objectives and regulatory requirements. The candidate will play a critical role in identifying, analyzing, and mitigating risks associated with vendor relationships, contributing to the overall security and resilience of our organization.
Responsibilities:
- Conduct comprehensive assessments of vendor risk and compliance with security standards, including evaluation of security controls, policies, and procedures.
- Collaborate with cross-functional stakeholders to define risk assessment criteria, methodologies, and scoring frameworks, ensuring consistency and accuracy in risk analysis.
- Evaluate vendor contracts, agreements, and service level agreements (SLAs) to identify security requirements and compliance obligations.
- Analyze vendor security documentation, such as security questionnaires, assessments, and audit reports, to assess the adequacy and effectiveness of security measures.
- Identify gaps, vulnerabilities, and areas of non-compliance with security standards, and develop risk mitigation strategies and remediation plans.
- Communicate findings and recommendations to key stakeholders, including senior management, procurement teams, and vendor management offices.
- Monitor and track vendor risk remediation activities, ensuring timely resolution of identified issues and compliance gaps.
- Stay abreast of industry trends, regulatory changes, and emerging threats in IT security and supply chain risk management, and provide insights and recommendations to enhance organizational resilience.
Requirements:
- Bachelor’s degree in Information Technology, Computer Science, Business Administration, or related field. Master’s degree preferred.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification preferred.
- Minimum of 4 years of experience in risk management or vendor management roles, with a focus on IT security, supply chain, or cybersecurity.
- Strong understanding of security frameworks and standards, such as ISO 27001, NIST Cybersecurity Framework, and GDPR.
- Experience conducting risk assessments, security audits, and compliance reviews for vendors and third-party service providers.
- Proficiency in risk assessment tools and methodologies, such as risk matrices, heat maps, and risk scoring models.
- Excellent communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels of the organization.
- Strong analytical and problem-solving abilities, with a demonstrated track record of identifying and mitigating security risks and compliance issues.
Tools and Technologies:
- Risk Assessment Tools (e.g., RSA Archer, OneTrust, etc.)
- Vendor Risk Management Platforms (e.g., BitSight, RiskRecon, etc.)
- Security Questionnaire Tools (e.g., Shared Assessments, SIG Questionnaire, etc.)
- Document Management Systems (e.g., SharePoint, Confluence, etc.)
- Microsoft Office Suite (Word, Excel, PowerPoint, Outlook)
The candidate must be familiar with the above tools and technologies and demonstrate proficiency in their use during the selection process.
If you are passionate about this role, send your resume to info@onepyramid.com before COB 8TH MAY, 2024. Only shortlisted candidates will be contacted.