Vendor Risk Analyst
Location: US-MI-Farmington Hills
Coretek is hiring a Vendor Risk Analyst to perform various functions in ensuring effective identification and examination of areas of potential risk to meet regulatory, compliance, and risk management requirements.
Under the direction of the Audit & Compliance Manager, this individual is responsible for the following activities:
- Using a risk-based approach to conduct detailed assessments of vendors periodically and monitor third-party vendors' security practices and compliance with contractual obligations.
- Assessing the criticality of vendor services to the organization
- Working with the Privacy Team to conduct privacy impact assessments for potential vendors and applications, where applicable.
- Developing and maintaining high-quality risk assessment documentation covering assessment findings, risk statements, risk ratings, impact and likelihood, justifications, and recommendations in the Coretek GRC tool and risk register.
- Providing sufficient information to risk owners and vendors in the development of treatment plans for the effective management of risk relating to Coretek vendors. Monitoring the execution of risk treatment(s) and evaluating the residual risk.
- Contributing to process improvements to continuously mature the Vendor Management Program. Championing the program mission and value proposition throughout the organization.
- Collaborating and consulting with vendor relationship managers across the organization during the evaluation of potential and existing vendors.
- Other duties as assigned.
Requirements
- 3+ years of direct work experience in third-party risk management and/or cyber risk management with a Bachelor's degree in Computer Science, Information Security, or similar technical field of study.
- Self-driven with the ability to work both independently and as part of a team to deliver quality work in a fast-paced environment
- Flexibility and ability to think creatively and to identify new ways to approach old problems
- Distinct analytical, decision-making, and problem-solving skills
- Particular attention to detail and the ability to prioritize work efficiently and effectively
- Time management skills to work within the timeframe set out by Coretek.
- Demonstrate familiarity with information security risks and countermeasures and with HIPAA, SOC2, ISO 27001, NIST 800-171/CMMC and other information security and control frameworks.
- Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together.
Coretek Services