Evaluate risks presented by new and existing vendors across cybersecurity, operational, financial, compliance, business continuity, privacy, and reputational domains.
Gather required due diligence artifacts such as SOC 2 reports, independent audits, penetration test summaries, cybersecurity questionnaires, and financial statements.
Review contracts and amendments for required information security and risk-related provisions.
Prepare reporting for management, committees, and the Board.

Bachelor’s degree in Information Security, Business, Risk Management, or related field.
2–5 years of experience in vendor management, third-party risk, cybersecurity risk, or related banking role.
Ability to interpret SOC reports and cybersecurity controls.
Strong analytical and documentation skills.

Information Security Vendor Management Analyst

Key skills