We are looking for an Information Security/Cyber Risk analyst to join our team and play a key role in assessing third-party security risk. In this role, you’ll evaluate vendor-submitted questionnaires and documentation to identify any potential security risks, helping us maintain compliance with legal and regulatory standards. You’ll need a strong understanding of information security frameworks, experience with vendor risk assessments, and sharp analytical skills to succeed in this position.
Key Responsibilities:
- Conduct reviews of vendor materials, such as SOC reports, certifications, and policies, to ensure they meet our security standards.
- Identify and document any security gaps, requesting additional information as needed through the vendor management process.
- Collaborate with various teams to align security efforts with regulatory standards and industry best practices.
- Report on the status of vendor security reviews, including metrics on volume and progress.
What We're Looking For:
- Bachelor's degree in Information Systems or a related field, or equivalent experience.
- Minimum 3 years of hands-on experience in conducting vendor security assessments.
- Familiarity with security frameworks such as ISO 27001/2, NIST CSF, NIST SP 800-53, SIG, etc.
- Strong analytical and organizational skills, with an ability to translate complex security details into actionable insights.
- Industry certifications (CISA, CRISC, CISM, etc.) are a plus but not required.