Perform new and recurring third-party risk assessments; lead or assist with vendor risk assessment activities.
Review third-party-provided audit reports and supporting collateral (e.g., SOC reports and other certifications) and third-party security whitepapers.
Using assessment platforms and/or standardized questionnaires (e.g., SIG) and control baselines (e.g., STIGs), issue and review questionnaires completed by third parties describing their environment and controls.
Collaborate with the Procurement Team and other teams such as Security and Privacy.
Work in a self-directed, collaborative, and constructive manner with our internal stakeholders.
Work with vendors to address any remediation activities required following completion of the assessment.
Requirements
A minimum of 2–3 years of hands-on experience in IT Security and/or Governance, Risk, and Compliance (GRC), specifically in managing or evaluating security controls within an organization.
Recent working experience with at least two of the following compliance programs: ISO 27001, SOC 2 / SOC 1, PCI DSS, SSAE 18, HIPAA, FISMA/FedRAMP.
Ability to understand the intent of compliance requirements to provide effective and meaningful analysis.
Ability to communicate technical security risks to non-technical business stakeholders. Strong ability to influence or negotiate with stakeholders dealing with competing priorities. Excellent organization and time management skills to oversee simultaneously occurring projects, tasks, and deadlines.
Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry.
Bachelor's degree preferred.
Prior experience working in a Security and/or Compliance group.
Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP.
Excellent report writing skills, including the ability to prepare compliance reports and associated metrics.