Vendor Security Analyst
Job Type: Full Time / Permanent
POSITION SPECIFICATIONS: Bachelor’s Degree in computer science, Information Systems, Information Security or Networking, or equivalent work experience required Minimum 1 year of experience in information or third-party risk analysis or related job role; prior work experience in information technology audit or information security experience preferred. Knowledge of common security frameworks such as CIS, NIST, ISO 27001. Diversity of technical knowledge and skills across all IT disciplines, such as information security, system administration, networking, software development, etc. preferred Able to serve in lead or individual contributor roles as required.
MAJOR DUTIES: Monitor and evaluate third parties’ compliance with information technology (IT) security requirements across all capabilities using implemented capabilities. Serve as the responsible subject matter expert on information security risk management as it relates to third parties, utilizing industry standards such as CIS, NIST, and OWASP. Assess remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved. Review services and data in scope of the assessment and analyze security risk ratings. Conduct formal end to end Information Security Assessments (review of questionnaires, third party security audit reports and evidence, onsite assessments, etc.). Use third-party risk evaluation tools to monitor and reduce organizational cyber risk associated with third parties. Perform security reviews, identify gaps in security architecture and assist in the development of a third-party risk management plan. Perform risk analysis on third party capabilities (i.e., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change). Work on projects as directed by management.
HOURS/LOCATION: 8:30 a.m. – 5:00 p.m. (Overtime as required). Warrendale location (Hybrid schedule). Work at downtown location when required.
EXPLANATORY COMMENTS: Good communication and interpersonal skills. Good decision making and problem-solving skills. Good analytical skills with attention to detail and accuracy. Ability to work on multiple projects simultaneously. Ability to work effectively both individually and as a member of a project team.