Vendor Risk Analyst Job Description
Vendor risk analyst
provides security support of Network Security Systems, Firewalls, Intrusion Detection, Proxy Server Web Content Filter, VPN Concentrator, Virus/Malware Management, Host Intrusion Detection, Endpoint Encryption and Security Event Logging.
Vendor Risk Analyst Duties & Responsibilities
To write an effective vendor risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included vendor risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains
Collaborate across multi-departments to promote industry best practices and strategic organizational security efforts the development of our IT security policies
Extract and analyse data from ERP & other sources
Create comparatives for management reviews & recommendations
Spend analyses & pay out reports for the global SVM function
Weekly/Monthly/Quarterly pipeline (work in progress) reports for SVM & VRM teams to support business & compliance requirements
Prepare dashboards for monthly/quarterly/annual reviews
Regular tracking of Saves/Turnaround time/ Risk performance
Work closely & support SVM & VRM teams with tracking ongoing vendor management requirements
Supporting role in maintaining the SVM Compliance database per company guidelines, researching active purchase orders, invoices, and other expenses to ensure adherence to policy
Vendor Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vendor Risk Analyst
List any licenses or certifications required by the position: CISSP, CISM, CIA, CTPRP, CISA, SSAE, FRS, ISACA, SOC1, ISAE
Education for Vendor Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the vendor risk analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Finance, Business, Management, Education, Economics, Accounting, Business/Administration, Information Technology, Computer Science, Project Management
Skills for Vendor Risk Analyst
Desired skills for vendor risk analyst include:
Concepts
Access control
Application & operations security and compliance/incident management
Best practices and controls in a breadth of information security areas/domains
Cryptography
Network security
Physical security
Security architecture and design
Database architecture and intrusion detection/prevention systems
Network & web infrastructures
Desired experience for vendor risk analyst includes:
Understanding of procurement & risk processes is an added advantage
Ability to multitask and to complete difficult assignments within tight deadlines
Skilled at managing issues through to resolution
BS/BA/MBA/Graduate, preferably in accounting/finance, business administration, economics, or technology
Knowledge of information security and risk controls
Experience with financial services or other highly regulated industries
Vendor Risk Analyst Examples
1
Vendor Risk Analyst Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of vendor risk analyst. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for vendor risk analyst
- Performing IT assessments
- Develop, coordinate, plan and execute onsite assessments for third parties focusing on compliance with regulations, company policies, training curriculum, and internal controls
- Prepare for assessments by reviewing documentation of processes performed by the third party
- Document assessment template, follow up on outstanding deliverables, and score the assessment with an overall rating
- Compose assessment report containing findings and recommendations for business to review
- Ensure that potential issues are raised promptly to senior management with a view to identify options to mitigate risk
- Routinely handles exceptional/unusual situations
- Evaluate third parties attributes to determine risk tier
- Assist with quality control and manager control assessments
- Identify enhancements and process efficiencies to keep assessment program in line with regulatory requirements
Qualifications for vendor risk analyst
- Working with business unit management and vendor contacts in the acquisition of these documents to discuss any identified issues
- Familiar with CFPB bulletin requirements
- Ability to analyze documents and determine risks and process controls
- Excellent communication skills both verbal and written and ability to interact confidently with internal clients, external third parties, Auditors and Regulators
- Proficiency with Microsoft Word, Excel, PowerPoint, Outlook and other PC desktop applications
- Analyzes supplier marketplace data including industry structure and demographics, supplier performance, cost dynamics
2
Vendor Risk Analyst Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of vendor risk analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vendor risk analyst
- Perform key vendor oversight function and measure against established benchmarks/SLAs
- Work closely with I.S
- Act as a subject matter expert during supplier contract negotiations (generally Procurement or Legal-led negotiations)
- Work in concert with business operations, risk and technology teams, internal functions, to identify, manage and mitigate risk
- Coordinate and lead cross functional Third Party review meetings
- Assist with Third Party Assessments and internal and external reviews as needed
- Act as project manager for initiatives and projects
- Assists in establishing and following methodologies designed to identify general system and business controls, and identify and prioritize risks
- Develops, manages and executes plans to communicate and remediate all known material weaknesses or significant deficiencies, and minimize any deficiencies noted by either internal or external auditors
- Works closely with IT Management, Accounting, Legal and internal/external auditors to ensure successful follow-through and completion of compliance and mitigation activities
Qualifications for vendor risk analyst
- Experience in supporting management of vulnerability and/or risk remediation
- Experience in supporting policy development and maintenance
- Able to successfully prioritize and manage to completion multiple complex tasks and deliverables, and demonstrate the highest degree of integrity and accountability in all actions
- The role will be remote with 80% travel throughout the USA
- In this role, the Vendor Assessment Analyst will participate in the assessment of key vendors with regards to their security and privacy posture
- Routine assessment activities will include, but not be limited to the following
3
Vendor Risk Analyst Job Description
Job Description Example
Our company is growing rapidly and is looking for a vendor risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for vendor risk analyst
- Collaborate with multiple internal business and sourcing teams, including enterprise services, fund administration, human resources, marketing, professional services, and technology to identify, address, and communicate inherent and residual vendor risks
- Develop strong relationships with key department heads (including regional managers) to ensure vendor risk is understood and managed appropriately
- Generate vendor due diligence questionnaires for high-risk services
- Review vendor responses and other due diligence documentation
- Document due diligence results, residual risks, and ongoing vendor management tasks
- Address vendor operating, breach, and other reported risk events to ensure appropriate remediation plans are prepared by working closely with the business and SMEs
- Oversee and document contract and risk remediation activities for third party relationships
- Monitor and review vendor performance reports prepared by the business users
- Conduct annual vendor risk segmentation and establish inherent risk ratings for new vendors
- Provide input and periodically test updates to the firm’s risk systems
Qualifications for vendor risk analyst
- Escalate issues (delays
- Ability to work independently, , part of a matrixed team
- Person must be CISSP certified
- 3+ years’ experience in related vendor oversight field
- Candidate must have 3-5 years of experience working in information security (in addition, 2-3 years working in IT audit preferred)
- Candidate must have a strong understanding of vendor risk management
4
Vendor Risk Analyst Job Description
Job Description Example
Our innovative and growing company is hiring for a vendor risk analyst. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for vendor risk analyst
- Perform business unit compliance testing to ensure internal policies and procedures, client, investor, state requirements
- Ensure Vendor Management policies, procedures and key controls are aligned with security standards, and regulatory requirements by performing projects, applications and systems security risk and compliance assessments
- Mitigates Vendor Risks including vulnerability and configuration deficiencies by conducting investigations of possible security exceptions
- Maintain awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to vendor risks associated with information security, data privacy and retails and pharmacy operations
- Develop communications and related campaigns for practices according to Vendor Risk Management security standards as part of the enterprise Security awareness program
- Lead and perform periodic assessments of Vendor information systems, people and processes to identify risks associated with compliance gaps and security vulnerabilities, and develop and execute remediation action plans to reduce or eliminate vendor risk exposure
- Provide Vendor Risk Management consulting and project management services on complex issues related to confidentiality, integrity of data and availability
- Provide Vendor related security consulting and project management services on complex issues related to data access, integrity, confidentiality and business continuity
- Educate IT and business about security policies covering Vendor Risk Management
- Consults on security issues regarding user built/managed systems
Qualifications for vendor risk analyst
- Significant understanding of the widely accepted security standards (e.g., ISO 27002, NIST, Shared Assessments )
- Industry certifications such as (ISO-27001/27002), NAID, URAC, PCI CORA, HITRUST, SysTrust
- Bachelor’s degree required (Master’s degree preferred) or equivalent experience
- Functional knowledge of common information security controls, security frameworks and standards (e.g., ISO 27001, ISO 27018, SOC 1 / SSAE 16 & 18, SOC 2, NIST CSF, PCI-DSS, COBIT, CSA CCM, SIG) and ability to glean significance from findings identified in these reports and various deliverables
- Excellent interpersonal skills and ability to work effectively with diverse and distributed teams
- Candidate must have strong verbal and written communication skills
5
Vendor Risk Analyst Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of vendor risk analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for vendor risk analyst
- Ensure that Customer’s security commitments are tracked and managed
- The knowledge to evaluate, build, and optimize security program elements as assigned, application security, vendor risk management, business continuity
- Deliver presentations to staff or external entities as needed, including executive presentations
- Provide key support to business and compliance stakeholders in the completion of compliance risk assessments and due diligence reviews on all new third-party vendor engagements, and ongoing monitoring of existing vendors
- Provide key support and lead projects for the TPCRM Program and the enterprise program
- Collaborate with stakeholders in the third -party process to execute program documentation, regulatory updates, and risk-based monitoring protocols designed to reduce compliance risk exposure
- Assist with development and maintenance of related program tools, policies, procedures, training, quick reference guides and training resource tools
- Monitoring and assessment of enterprise-wide adherence to vendor management policy requirements
- Perform third party compliance risk tracking, trending, analysis, and MIS reporting
- Manage, administer, assess, and maintain vendor management software to achieve the goals of the Corporate Vendor Management Program and Policy
Qualifications for vendor risk analyst
- Travel requirements <=25% that would include GSO all hands meetings, team offsite meetings, training and onsite supplier visits
- Ability to multi-task with strong attention to detail and accuracy
- Team orientated philosophy with experience supporting multiple team members and working collaboratively with peers
- Ability to communicate effectively with business partners
- Ability to multitask and complete difficult assignments with tight deadlines
- BS/BA required, preferably Business, Finance, Risk Management, or Technology