The Vendor Risk Specialist is responsible for implementing, maintaining, managing, and operating vendor risk management platforms & capabilities. The Specialist delivers these capabilities in accordance with the organization's architectural designs, best practices, and regulatory or compliance requirements. As risks change, the Specialist is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.
The Vendor Risk Specialist is expected to conduct risk assessments and audits of the organization's vendors' security program, environments, systems, infrastructure, and applications. The role is responsible for providing detailed reports of technical and procedural findings and recommendations. Recipients of the Specialist's reports include business functions, purchasing, security, audit, and external stakeholders.
ESSENTIAL FUNCTIONS : Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
Maintain knowledge of applicable policies, regulations, and compliance documents specifically related to cyber defense auditing.
Conduct third-party risk assessments to assist in determining their ability to protect confidential and sensitive data
Examine and research security controls and frameworks as it relates to vendor risk management
Administer the vendor risk management process and make confident risk recommendations with respect to the integrity and business stability of new vendors or vendors nearing contract renewal
Evaluate applicable security controls to apply against vendor services being provided and the applicability of compensating controls for vendor security assessments
Collect, analyze, interpret, evaluate, and integrate risk data from multiple sources to conduct a comprehensive analysis.
Maintain relationships with the third parties to ensure compliance, requesting an audit, tests, or other evidence
Maintain an inventory of in-scope vendor artifacts and report their compliance status as required by stakeholders, management, review boards, regulatory bodies, and auditors as necessary
Act as a subject matter expert, and liaise with key business and technology stakeholders to ensure compliance expectations are realized in a timely manner
Develop security deliverables based on the security documentation that is provided by the vendor
Maintain a security risk register.
Identify opportunities for process improvements to deliver increased operational efficiency in the vendor security oversight processes
Maintains an up-to-date understanding of industry best practices
Distribution and interpretation of compliance questionnaires, analyzing vendor audit reports from various sources, and engaging vendor representatives for additional details regarding security controls
Supervisory Responsibilities: This position has no formal supervisory responsibilities.
Certificates and Licenses: None Required
MINIMUM REQUIRED QUALIFICATIONS :
Five (5) years of experience in cybersecurity/IT with a strong focus on the analysis of security programs or controls
Understanding of risk assessments and compliance with major regulatory initiatives (e.g. SOX, PCI-DSS, HIPAA, FedRAMP)
Understanding of cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000)
Possess a good understanding of appropriate leading-edge governance-enabling technologies & practices.
Strong demonstrated ability to gain consensus and support across diverse functions and departments.
Excellent communication and presentation skills (verbal and written).
Project management planning and organization skills.
Ability to identify, document, and communicate information security issues to business and information owners
Ability to maintain the confidentiality of sensitive information
Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.
Ability to travel 5% of the time
Ability to clear required background check
DESIRED QUALIFICATIONS :
Bachelor's degree in Computer Science, Information Assurance, MIS, Business, or related field
Prior experience with vendor, contract, and/or program risk assessments
Prior work experience in a regulated environment; education organization experience desired.
Ability to establish good working relationships with team members, colleagues, and external organizations.
Demonstrable ability to develop value-driven & budget conscious security capabilities
Knowledge of audit trail and systems activity review processes and procedures.
Proficiency in risk assessment and risk management methodologies.
Expertise in FERPA requirements and information security best practices.
WORK ENVIRONMENT : The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
This position is virtual and open to residents of the 50 states and Washington, D.C.
We anticipate the salary range to be $66,379.50- $170,037.60. The upper end of this range is not likely to be offered, as an individual's compensation can vary based on several factors. These factors include, but are not limited to, geographic location, experience, training, education, and local market conditions. Eligible employees may receive a bonus. Stride offers a robust benefits package for eligible employees that can include health benefits, retirement contributions, and paid time off.
The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor. All employment is "at-will" as governed by the law of the state where the employee works. It is further understood that the "at-will" nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer.
Job Type
Regular
The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor. All employment is "at-will" as governed by the law of the state where the employee works. It is further understood that the "at-will" nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer.
Stride, Inc. is a Federal Contractor, an Equal Opportunity/Affirmative Action Employer and a Drug-Free Workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status age, or genetics, or any other characteristic protected by law.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)