Vendor Risk Mgmt. Analyst

Location: Issaquah, WA
Date Posted: 03-11-2019
Job Description
This individual will guide and promote all aspects of the analysis, communication, implementation and risk mitigation of vendor-related risks and controls to protect the company and its partners. The analyst will work with other businesses and legal departments to define and set new corporate guidance to support the vendor risk management program strategy, policy, and standards. This individual will be required to anticipate regulatory impacts, promote company awareness, propose solutions to control deficiencies, reach out in support of the business/operations, and communicate effectively at all levels.

Tasks and responsibilities:
  • Leads and executes security/privacy vendor risk assessments and risk remediation activities to effectively identify and help treat critical risks
  • Leverages a risk framework to rate and rank associated risks
  • Documents and communicates findings to the business and third-parties
  • Identifies control deficiencies and recommends control enhancements to address critical risks
  • Monitors, tracks, and reports control implementations
  • Assists in establishing and following methodologies designed to identify general system and business controls, and identify and prioritize risks
  • Develops, manages and executes plans to communicate and remediate all known material weaknesses or significant deficiencies, and minimize any deficiencies noted by either internal or external auditors
  • Works closely with I.S. Management, Accounting, Legal and internal/external auditors to ensure successful follow-through and completion of compliance and mitigation activities
  • Drives assigned tasks leveraging I.S. expertise or outside resources where needed
  • Coordinates between external auditors and staff being audited


Non-Essential Functions:
  • Assists in other areas of the department as necessary
  • Assists in other departments of the company as necessary
  • Ability to operate vehicles, equipment or machinery (Computer, phone, printer, copier, fax)
 
Required skills, abilities, and certifications:
  • A Bachelor’s degree in Computer Science or a minimum of 6 years of information systems security experience
  • Prior experience in working with Vendor Risk Management (VRM) or Third-Party Risk Management (TPRM) or Risk Management Program
  • Experience collaborating with and influencing partner organizations
  • Working knowledge of ServiceNow and SecurityScorecard
  • Working knowledge of security risk assessment and control frameworks, good understanding of privacy regulations, data management practices, and security stack
  • Ability to interpret information security data and processes to identify potential compliance issues (SOX, HIPAA, PCI, Privacy)
  • Ability to quickly understand security systems in order to identify and validate risk exposure from vendors and third-parties
  • Ability to communicate clearly and effectively with executives, auditors, end users, and engineers
  • Ability to work effectively, independent of assistance or supervision
  • Experience with SIG and/or other vendor questionnaires
  • Needs to be a self-starter and action-oriented to drive risk identification and mitigation efforts
  • Innovative, creative, and extremely responsive, with a strong sense of urgency
  • Demonstrated mentoring skills (sharing knowledge and assisting others in understanding technical and business topics)
 
Recommended:
  • At least one technical certification related to a major platform (Microsoft, Linux or Cisco)
  • Working knowledge of firewalls, routers, load balancers and DMZ silos, and packet capture technologies
  • Successful internal candidates will have spent one year or more on their current team