Vendor Security Consultant

JOB DESCRIPTION

  • Responsibilities:

    1. Vendor Security Risk Analysis (60% of role)

    • Perform all aspects of the security and risk assessment of suppliers and vendors through complex qualitative and quantitative review of risk indicators, threats, and assets

    • Evaluate suppliers’ security practices and provided documentation to identify the security posture and capability to securely manage our information and assets

    • Lead and perform the onsite assessment, using technology and information security experience to identify compliance and risks.

    • Identify control gaps and vulnerabilities with suppliers and work with leadership and suppliers to address security concerns and remediation in a timely manner

    • Document assessment results distilling complex analysis into a clear and understandable manner for supplier and business leadership audiences

    • Provide guidance to the business relationship managers to ensure their understanding, support and acceptance of the risks involved in doing business with each supplier.

    • Verify remediation has been adequately implemented before closing open supplier security findings

    • Assist with the negotiation of supplier contracts with respect to security requirements, and articulate risk to supplier and business managers when suppliers do not agree to security terms

    • Develop effective relationships with business relationship managers, suppliers, and vendor management teams to enable successful navigation of delicate topics

    • Escalate issues related to suppliers as necessary in a timely manner

     

    2. Internal Security Risk Analysis (20% of role)

    • Conduct analysis and assessment of information security processes and system controls against corporate, regulatory, and internal information security compliance standards

    • Provide guidance to information security functional teams with implementing, monitoring, and reporting of control processes, documentation, and compliance measures

    • Identify internal control gaps and vulnerabilities and work with leadership to address security concerns and remediation in a timely manner

    • Document assessment results distilling complex analysis into a clear and understandable manner for leadership audiences

    • Verify remediation has been adequately implemented before closing open security findings

    • Develop effective relationships with internal security and technology teams to enable successful navigation of delicate topics

    • Escalate issues as necessary in a timely manner

     

    3. Governance and Engagement (20% of role)

      • Deliver reporting and metrics to demonstrate volume, value and trending of all vendor security activities

      • Identify opportunities for process improvements to deliver increasing efficiency and risk quantification in the processes.

      • Assist with Risk and Vendor Security program initiatives working closely with the Information Security team and other business areas

      • Support internal education and best practices sharing with peers and colleagues, as well as third party education & awareness, as needed

      • Understand the role of the security department and how it contributes to the overall goals and business strategy of the Company.

      • Proactively develop courses of action to ensure assigned goals are met without being prompted to do so.

      • Adapt to meet new challenges and changes in Company and technical security direction and understand the business needs and challenges to recommend strategies.

     

  • Requirements:

    Requirements: (Must haves)

    • 2-5 years of relevant work experience

    • Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, and security technologies

    • Knowledge of information security fundamentals, best practices and industry standards with prior responsibilities of protecting information assets

    • Detailed knowledge and experience in security and regulatory frameworks including ISO 27001, NIST 800-53, FFIEC and other control standards

    • Excellent verbal and written communication skills

    • Excellent interpersonal skills

    • Excellent documentation and organizational skills

    • Associate Two-Year College Degree

     

    Preferred experience/skills:

    • 5-10+ years of relevant work experience

    • Knowledge of multiple security areas such as: security architecture, identity management/governance, incident response, security risk, and audit/compliance functions

    • Strong experience with large enterprise environments and information security systems

    • Demonstrated ability to effectively communicate with business groups including legal attorneys

    • CISSP and/or CISM security certification

    • Other cyber risk industry certifications

    • Four-Year College Degree (BA/BS) or Master's Degree

LOCATION

Plano, Texas 32801

PAY

$60

Snelling Corporate Office

4055 Valley View Lane, Suite #700
Dallas, TX, 75244

(800) 411-6401

(972) 239-7575