Senior Risk and Compliance Lead

September 20

Apply Now

Receive Emails with Similar Jobs

Everbridge

WebsiteLinkedInAll Job Openings

Critical Communications • IT Alerting • Incident Management • Clinical Communications • Secure Messaging

1001 - 5000

Description

•Support the Security & Compliance team in delivering vendor risk management services across the organization. •Well-versed in performing vendor risk assessments and managing overall vendor portfolio in a GRC platform. •Perform vendor risk assessments for new and existing vendors. •Responsible for reviewing questionnaires and evidence as part of performing vendor risk assessments. •Knowledge of partnering with Legal and Privacy on an ongoing basis in the review of information security contractual requirements. •Knowledge of Cloud computing and how to assess Cloud-related risks (SaaS, PaaS, IaaS). •Knowledge of the overall Procurement process and understanding of Information Security’s role in the process. •Design and update vendor risk management procedural documentation as needed. •Perform vendor compliance risk tracking, trending, analysis, and executive reporting. •Develop and analyze Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). •Support integration or improvements of GRC tooling into existing policy, process, workflows, and procedures as necessary to improve efficiency and mitigate risk. •Keep abreast of the latest security, privacy, business continuity, regulatory concerns, and best practices impacting third-party risk management.

Requirements

•7+ years of experience as a Security Risk Analyst/Consultant •Proficient verbal and written communication skills •Prior experience conducting audits •Knowledgeable of information security standards and regulations (e.g. FedRAMP, NIST, ISO 27001, SOC 2/SSAE18) •One or more of the following certifications: CISA, CRISC, CISM, CISSP •Prior experience with GRC tools like StandardFusion, Archer etc.