We are looking to add an Information Security/Cyber Risk Analyst to our team to play a key role in assessing third-party security risk. In this role, you'll evaluate vendor-submitted questionnaires and documentation to identify potential security risks, helping us maintain compliance with legal and regulatory standards. You'll need a strong understanding of information security frameworks, experience with vendor risk assessments, and sharp analytical skills to succeed in this position.
Key Responsibilities:
Conduct reviews of vendor materials, such as SOC reports, certifications, and policies, to ensure they meet our security standards.
Identify and document any security gaps, requesting additional information as needed through the vendor management process.
Collaborate with various teams to align security efforts with regulatory standards and industry best practices.
Report on the status of vendor security reviews, including metrics on volume and progress.
What We're Looking For:
Bachelor's degree in Information Systems or a related field, or equivalent experience.
Minimum 3 years of hands-on experience in conducting vendor security assessments.
Familiarity with security frameworks such as ISO 27001/2, NIST CSF, NIST SP 800-53, SIG, etc.
Strong analytical and organizational skills, with an ability to translate complex security details into actionable insights.
Industry certifications (CISA, CRISC, CISM, etc.) are a plus but not required.