Developing, implementing, and validating IT control standards and procedures for third‑party vendors.
Conducting detailed vendor risk assessments, identifying potential control gaps, and recommending remediation actions or enhanced control designs.
Evaluating the effectiveness of existing vendor controls through scheduled testing based on vendor criticality tiers and documenting results in accordance with established risk and compliance frameworks.
Overseeing policy, standards, guidelines, and control monitoring and testing for vendors.
Conducting process design, analysis, documentation, implementation, and testing activities.
Analyzing communication and recommending updates.
Participating in the testing and evaluation of new products and processes.
Requirements
Four-year college degree from an accredited institution; Bachelor’s Degree in Business, Risk, IT, or related field with focus on information systems or related experience.
Five (5) or more years of related experience with a minimum of two years of relevant work experience in Risk Management.
Strong knowledge of IT general controls related to operations, information security, and change management of systems software, application source code, network, and system database technologies.