REMOTE Supplier Risk Analyst

Supplier Risk Analyst The Supplier Risk Analyst will be responsible for reviewing supplier documents, consulting with appropriate departments and compiling information into a summary for the teams use.

Responsibilities

• Coordinate and perform supplier security risk reviews:
• Review incoming documents from Suppliers (e.g., SOC 2 Type II reports, high level system architecture diagrams, information security policies)
• Consult with other shared service departments, as appropriate (e.g., Procurement, Privacy, Operational Risk, Legal)
• Compile information into a summary report, highlighting concerns in the form of a risk report/profile for a supplier or particular engagement
• Support reporting and analysis of supplier security risk:
• Monitor key supplier changes and risk indicators.
• Issue monitoring, exception tracking and oversight of remediation actions to improve overall Supplier performance
• Define, measure and monitor progress of supplier risk management activities (Issue Tracking, Risk Remediation Efforts, Key Supplier Metrics)
• Create reporting materials detailing program activities, supplier metrics and issue remediation
• Maintain supplier data accuracy within designated systems.
• Provide guidance and training to stakeholders on supplier risk management policies and procedures.

Experience:

• Bachelor’s degree in Business Information Systems, Computer Science or similar.
• Minimum four years related experience, including at least two years of third party risk management experience conducting risk or compliance assessments
• Understanding of information security frameworks and standards (e.g., NIST 800-171, ISO27002/27002, PCI, GDPR)
• Ability to document and communicate assessment results clearly and concisely
• Knowledge of supplier risk management methodologies, risk mitigation principles
• Ability to work both independently and as part of a team to deliver quality work
• Attention to detail, and the ability to prioritize works efficiently and effectively
• Nice to have
• Experience with ServiceNow and/or OneTrust.
• Security-related certifications (CISA, CISM, CISSP, SANS GIAC)
• Higher education and/or research institution experience
• Understanding of higher education legal and regulatory environment (e.g.