Vendor Risk Analyst (Associate)
United States, Dallas
Permanent
Job ID: 2142
Job Description
[c. $130-170k Comp Package | On-Site Working]
Our client, a leading global investment bank, seeks an experienced Vendor Cyber Risk Professional for their Technology Risk Advisory function. This role involves delivering top-tier advisory support and technology solutions across Information Security risk domains. You'll conduct risk assessments, manage regulatory requirements, and help counterparts effectively manage risk. Ideal for those with a systems administration background and a deep understanding of networking and encryption, this position offers a chance to make a significant impact in a dynamic environment!
Key Responsibilities:
- Shape the Vendor Technology Risk strategy and lead a team in assessing and managing vendor Information Security Risk across the firm
- Oversee Vendor Technology Risk initiatives and assessments, including evaluations of logical security controls, Cloud, Mobile, and Application security
- Conduct cyber-focused risk assessments and recommend mitigating controls, going beyond just GRC
- Collaborate with Legal to develop and review Information Security contractual requirements
- Provide guidance on emerging technologies (e.g., Cloud computing/AI) and assess associated risks
- Ensure alignment of Technology Risk's role within the Procurement process
Key Requirements:
- 6+ years of experience in Vendor Cyber Risk Management, with a strong technical foundation
- Solid grasp of Information Security controls and their implementations, beyond just TPRM
- Extensive experience working with NIST/ISO/Regulatory frameworks, ideally in financial services
- Proficiency in conducting cyber-focused risk assessments and recommending mitigating controls
- Proven track record of implementing well-recognised risk management frameworks
- Working knowledge of the regulatory landscape and its impact on the vendor ecosystem
- Bachelor’s degree in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology, or Risk Management
- Deep technical understanding of systems, networking, and encryption technologies, including the ability to discuss various types and applications of encryption in detail
- (Preferred) Prior experience conducting IT/cyber security audits
- (Preferred) Relevant certifications such as CISA, CRISC, CISM, or CISSP
...