Information Security- Vendor Risk

31 Oct 2024

Vacancy expired!

THIS POSITION IS CURRENTLY REMOTE, BUT WILL BE ONSITE - TBD. THERE IS ALSO A 20-30K BONUS AND 2500/YEAR STOCK OPTIONS AND GREAT BENEFITS.

The Information Security Vendor Risk Manager will evaluate third-party vendors to determine if their information security programs are adequate to protect company information. The vendor risk process includes engaging vendor owners to determine initial vendor risk, and reviewing third-party risk reports, due diligence questionnaire answers, SOC reports, and policies to determine an overall risk posture for higher-risk vendors. Any outstanding risks will be presented to management for risk acceptance. Once a vendor is approved, the Vendor Risk Manager will track identified deficiencies in their program through to remediation. The Vendor Risk Manager will also assist in determining required vendor control standards.

Responsibilities
  • Engage with internal vendor owners to determine initial third-party vendor risk ratings.
  • Manage third-party vendor risk evaluation services.
  • Communicate directly with third-party vendors.
  • Perform third-party vendor security assessment activities including evaluation of vendor controls and practices, process enhancements, and reviewing independent audit service reports.
  • Escalate outstanding risk items to management for acceptance or rejection.
  • Communicate and track remediation plans with third-party vendors, business and technology partners, and where applicable, recommend mitigating/compensating controls.
  • Maintain and present metrics on the vendor risk program to management.
  • Continuously monitor third-party vendors' security posture and information security risk.
  • Advise and guide business and technology partners regarding compensating control alternatives where security requirements cannot be met.

Qualifications
  • 5+ years’ experience in an information security role
  • 3+ years of IT compliance, IT controls, or risk management experience is desired
  • Bachelor's degree in Computer Science or technology/information security-related field
  • Experience with RiskRecon, CyberGRX and/or Coupa risk module is a plus
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Controls (CRISC) is a plus
  • Understanding of ISO-27000 or NIST 800 based security program standards
  • Knowledge of relevant legal and regulatory requirements, as well as privacy laws
  • Knowledge of security risks pertaining to cloud (IaaS, SaaS, AaaS) offerings
  • Quick learner with a desire to keep learning, combined with the ability to multi-task
  • Attentive, organized, and detail oriented
  • Excellent communication skills

  • ID: #21958309
  • State: Connecticut Greenwich 06830 Greenwich USA
  • City: Greenwich
  • Salary: $120,000 - $140,000
  • Job type: Permanent
  • Showed: 2021-10-31
  • Deadline: 2021-12-23
  • Category: Security