Job Title: Security Analyst Sr.
Location: Salt Lake City Utah/ San Jose, CA
Duration: Long-Term Contract
The Vendor Security Assessor position is responsible for supporting Client’s Global Vendor Security program.
This individual will be working directly with business and technology leaders to understand vendor security issues and risks; overseeing vendor security assessment efforts; prioritizing vendor security assessment activities; and negotiations involving contract terms related to Information Security Requirements.
We are looking for someone with security, communication, negotiation, and writing skills, experience with Information Security and Risk Management practices and principles.
The successful candidate will also have an understanding of information protection requirements and solutions as well as the threats and challenges impacting the protection of information across an extended global enterprise.
The successful candidate will have a good blend of experience working within legal, vendor management, and information security risk/governance.
• Work with Client business and technology partners to evaluate information security risks related to strategic vendors and partners.
• Communicate vendor security risks to business leaders to ensure a clear understanding of these risks.
• Negotiate Information Security contract requirements with Legal, Procurement, and Vendors/Partners.
• Conduct information security program reviews of vendors to evaluate any critical risks.
• Establish and prioritize vendor security assessment activities.
• Negotiate remediation of security issues with vendors and third parties.
• Communicate and present key vendor security initiatives, practices, and issues to business units.
• Must be able to interface and coordinate work efficiently and effectively with business colleagues and vendors in global locations and time zones.
• Strong communication and negotiation skills.
• Strong writing skills with experience writing legal contract information security requirements preferred.
• Self-starter with the ability to manage multiple tasks concurrently.
• Ability to communicate effectively with technical staff, business owners, and leadership.
• 3+ years of experience in Information Security Risk functions within the vendor risk management area.
• 1+ year experience reviewing contracts and negotiating information security/privacy contract terms.
• Experience using vendor cybersecurity scorecard platforms (Bit Sight, RiskRecon, Security Scorecard, etc.) is strongly preferred.
• Strong analytical, organizational and decision-making skills.
Education and Certifications:
• Bachelor’s Degree or equivalent work-related experience required.
• CISSP, CISM, CISA, CIPP or equivalent preferred.
Interview Process: 1. VC Screen 2. VC interview w/ the team *if the candidate wants to see the office that could be set up
Desk: +1 703-544-2960