GRC Specialist, Vendor Risk Management
- Designing and implementing broad third-party governance and risk management frameworks/processes, developing third-party risk and control assessments, and implementing managed services to improve/enhance an organization’s Supplier Relationship and Supplier Risk Management program.
- Support the customer lifecycle of 3rd party risk management by managing the documentation and distribution of responses to customers through customer engagement.
- Customer Security Questionnaires, Customer’s Vendor Risk Management questionnaires, Qualys’ Supplier Risk Management, Custom Audits, and other applicable documentation.
- Demonstrated problem-solving capacity and the ability to make decisions that impact customer/supplier service levels with a sense of urgency.
- Provide subject matter mentoring and training to peers and other colleagues in the organization.
- Identify opportunities for improvements in security and business processes, and partner with the GRC Design & Innovation team to implement enhancements to the Issues & Exceptions Management processes.
- Master's degree in business, information systems or computer science, or equivalent experience.
- 6 to 7 years of experience in Information Security Governance, Risk, and Compliance, preferably in a cloud-focused organization.
- Experience with information security frameworks such as FedRAMP, SOC 2, ISO 27001/2, NIST SP 800-53, Cybersecurity Framework, Supplier-Chain Risk Management Framework.
- Experience with Supplier Risk Management Tools or Automation of Third-Party Risk Management process.
- You have created and maintained relationships with business and technical experts throughout the company who provide expertise in security requirements and solutions design.