Vendor Risk Analyst (Associate)

United States, Dallas
Permanent
Job ID: 2142

Job Description


[c. $130-170k Comp Package | On-Site Working]

Our client, a leading global investment bank, seeks an experienced Vendor Cyber Risk Professional for their Technology Risk Advisory function. This role involves delivering top-tier advisory support and technology solutions across Information Security risk domains. You'll conduct risk assessments, manage regulatory requirements, and help counterparts effectively manage risk. Ideal for those with a systems administration background and a deep understanding of networking and encryption, this position offers a chance to make a significant impact in a dynamic environment!


Key Responsibilities:

  • Shape the Vendor Technology Risk strategy and lead a team in assessing and managing vendor Information Security Risk across the firm
  • Oversee Vendor Technology Risk initiatives and assessments, including evaluations of logical security controls, Cloud, Mobile, and Application security
  • Conduct cyber-focused risk assessments and recommend mitigating controls, going beyond just GRC
  • Collaborate with Legal to develop and review Information Security contractual requirements
  • Provide guidance on emerging technologies (e.g., Cloud computing/AI) and assess associated risks
  • Ensure alignment of Technology Risk's role within the Procurement process


Key Requirements:

  • 6+ years of experience in Vendor Cyber Risk Management, with a strong technical foundation
  • Solid grasp of Information Security controls and their implementations, beyond just TPRM
  • Extensive experience working with NIST/ISO/Regulatory frameworks, ideally in financial services
  • Proficiency in conducting cyber-focused risk assessments and recommending mitigating controls
  • Proven track record of implementing well-recognised risk management frameworks
  • Working knowledge of the regulatory landscape and its impact on the vendor ecosystem
  • Bachelor’s degree in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology, or Risk Management
  • Deep technical understanding of systems, networking, and encryption technologies, including the ability to discuss various types and applications of encryption in detail
  • (Preferred) Prior experience conducting IT/cyber security audits
  • (Preferred) Relevant certifications such as CISA, CRISC, CISM, or CISSP


...

