Job Title

Key ResponsibilitiesVendor Risk Assessments: Conduct comprehensive information security risk assessments on third-party vendors and service providers. Evaluate their security posture, identify vulnerabilities, and ensure compliance with company policies, industry standards, and legal/regulatory requirements.Risk Mitigation & Management: Collaborate with stakeholders to define risk mitigation strategies for third-party vendors. Monitor and manage the lifecycle of vendor risk and ensure that risk treatment plans are in place and executed.Compliance & Regulatory Oversight: Ensure that third-party vendors comply with relevant industry standards (e.g., GDPR, ISO 27001, SOC 2, etc.) and internal security policies.Contractual Security Requirements: Work closely with the legal and procurement teams to establish and enforce security terms in third-party contracts, including Service Level Agreements (SLAs) and Data Processing Agreements (DPAs).Continuous Monitoring: Implement processes and tools for ongoing monitoring of third-party security posture. Evaluate third-party security reports, incident response, and performance metrics to ensure adherence to agreed-upon security controls. QualificationsEducation: Bachelor’s degree any field.Experience: Minimum of 6 years of experience in information security, risk management, or a related field, with a focus on third-party risk management. Demonstrated experience in assessing and mitigating risks associated with third-party vendors, including security assessments, audits, and compliance management. Knowledge of industry frameworks such as SOC2, ISO 27001, and NIST.Skills: Strong understanding of information security principles and third-party risk management processes. Experience with vendor management tools and security risk assessment platforms. Strong communication skills to interact with technical and non-technical stakeholders. Ability to evaluate, interpret, and communicate security and compliance risks. Project management skills with the ability to prioritize tasks and meet deadlines.Technical Proficiency: Familiarity with security technologies, threat intelligence, and risk management tools. Understanding of cloud security, data protection, and privacy laws. Personal AttributesStrong analytical and problem-solving skills.Detail-oriented with a focus on risk identification and mitigation.Proactive and self-motivated, able to work independently and in teams.Strong interpersonal skills, with the ability to build effective relationships across departments and external parties.