Job Overview
We are seeking a highly skilled and motivated Vendor Information Security Risk Management Specialist to join our team. This individual will be responsible for evaluating and tracking information security risks posed by third-party vendors and partners. As part of the G&C team, you will collaborate with various stakeholders to ensure the integrity, confidentiality, and availability of our data and systems when interacting with external entities.
Key Responsibilities
- Vendor Risk Assessments: Conduct comprehensive information security risk assessments on third-party vendors and service providers. Evaluate their security posture, identify vulnerabilities, and ensure compliance with company policies, industry standards, and legal/regulatory requirements.
- Risk Mitigation & Management: Collaborate with stakeholders to define risk mitigation strategies for third-party vendors. Monitor and manage the lifecycle of vendor risk and ensure that risk treatment plans are in place and executed.
- Compliance & Regulatory Oversight: Ensure that third-party vendors comply with relevant industry standards and regulations (e.g., GDPR, ISO 27001, SOC 2) and internal security policies.
- Contractual Security Requirements: Work closely with the legal and procurement teams to establish and enforce security terms in third-party contracts, including Service Level Agreements (SLAs) and Data Processing Agreements (DPAs).
- Continuous Monitoring: Implement processes and tools for ongoing monitoring of third-party security posture. Evaluate third-party security reports, incident response, and performance metrics to ensure adherence to agreed-upon security controls.
Experience:
- Minimum of 6 years of experience in information security, risk management, or a related field, with a focus on third-party risk management.
- Demonstrated experience in assessing and mitigating risks associated with third-party vendors, including security assessments, audits, and compliance management.
- Knowledge of industry frameworks such as SOC 2, ISO 27001, and NIST.
Skills:
- Strong understanding of information security principles and third-party risk management processes.
- Experience with vendor management tools and security risk assessment platforms.
- Strong communication skills to interact with technical and non-technical stakeholders.
- Ability to evaluate, interpret, and communicate security and compliance risks.
- Project management skills with the ability to prioritize tasks and meet deadlines.
Technical Proficiency:
- Familiarity with security technologies, threat intelligence, and risk management tools.
- Understanding of cloud security, data protection, and privacy laws.
Personal Attributes:
- Strong analytical and problem-solving skills.
- Detail-oriented with a focus on risk identification and mitigation.
- Proactive and self-motivated, able to work independently and in teams.
- Strong interpersonal skills, with the ability to build effective relationships across departments and external parties.