Ursus
ISG Third-Party Risk Analyst
Ursus, Foster City, California, United States, 94420
Job Title: ISG Third-Party Risk AnalystDuration: 6 monthsLocation: Foster City, CAPay Range: $70.00 -$80.00/hr
TOP 3 SKILLS:
6+ years of experience in conducting security control assessments or audits.2+ years of experience in developing or managing security awareness programs.6+ years experience with information security standards and privacy laws (e.g., ISO 27001, NIST, HIPAA).
Job Description:We are seeking a highly skilled Information Security Governance Third-Party Risk Analyst who will assess third-party risk as part of vendor evaluations. Additionally, the analyst will conduct periodic assessments based on the sensitivity of the vendor, data in scope, or prior security incidents. This position requires a strong understanding of information security frameworks, risk management practices, and excellent analytical skills.
In this role you will be engaged in the following areas:Vendor Risk Assessment
Perform comprehensive third-party risk assessments at the point of engagement.Evaluate vendors' information security controls, operational practices, and data privacy measures.Conduct periodic assessments of third-party vendors based on the sensitivity of the vendor.Assess the data involved or any prior security incidents.Ensure continuous monitoring and reassessment of vendor risk profiles.Risk Mitigation
Identify, analyze, and prioritize risks associated with third-party vendors.Work with vendors and internal stakeholders to develop and implement risk mitigation strategies.Compliance and Reporting
Ensure compliance with relevant information security standards and regulatory requirements (e.g., NIST CSF, GDPR, ISO/IEC 27001).Provide clear and high-quality risk reports with guidance and recommendations to senior business owners.Collaboration and Communication
Develop and maintain strong working relationships with business areas, IT teams, and vendors.Advise on security requirements and best practices.Data Analysis and Reporting
Perform data analyses and generate reports on third-party risk.Track and communicate overall program performance.Ensure timely completion of program milestones.Contractual Reviews
Support contractual reviews for new and existing suppliers.Ensure security requirements are met in supplier contracts.Process Improvement
Participate in the development and optimization of vendor risk management processes and procedures.Improve overall vendor risk posture.
Qualifications
6+ years of experience in conducting security control assessments or audits.2+ years of experience in developing or managing security awareness programs.6+ years experience with information security standards and privacy laws (e.g., ISO 27001, NIST, HIPAA).Skills / Knowledge / Abilities:
Strong knowledge of GRC frameworks and tools.Proficiency in third party risk assessment methodologies and tools.Conceptual understanding of the following technologies:LLMs (Large Language Models), AI (artificial intelligence), Client (machine learning)Excellent analytical and critical thinking skills.Strong written and verbal communication skills.Ability to work collaboratively in a dynamic, fast-paced environment.Education:
Bachelor's degree in Computer Science, Information Systems, Business, or a related field, or equivalent relevant experience.Certifications (beneficial):Professional certifications such as CISA, CISM, CRISC, CISSP.
#J-18808-Ljbffr
TOP 3 SKILLS:
6+ years of experience in conducting security control assessments or audits.2+ years of experience in developing or managing security awareness programs.6+ years experience with information security standards and privacy laws (e.g., ISO 27001, NIST, HIPAA).
Job Description:We are seeking a highly skilled Information Security Governance Third-Party Risk Analyst who will assess third-party risk as part of vendor evaluations. Additionally, the analyst will conduct periodic assessments based on the sensitivity of the vendor, data in scope, or prior security incidents. This position requires a strong understanding of information security frameworks, risk management practices, and excellent analytical skills.
In this role you will be engaged in the following areas:Vendor Risk Assessment
Perform comprehensive third-party risk assessments at the point of engagement.Evaluate vendors' information security controls, operational practices, and data privacy measures.Conduct periodic assessments of third-party vendors based on the sensitivity of the vendor.Assess the data involved or any prior security incidents.Ensure continuous monitoring and reassessment of vendor risk profiles.Risk Mitigation
Identify, analyze, and prioritize risks associated with third-party vendors.Work with vendors and internal stakeholders to develop and implement risk mitigation strategies.Compliance and Reporting
Ensure compliance with relevant information security standards and regulatory requirements (e.g., NIST CSF, GDPR, ISO/IEC 27001).Provide clear and high-quality risk reports with guidance and recommendations to senior business owners.Collaboration and Communication
Develop and maintain strong working relationships with business areas, IT teams, and vendors.Advise on security requirements and best practices.Data Analysis and Reporting
Perform data analyses and generate reports on third-party risk.Track and communicate overall program performance.Ensure timely completion of program milestones.Contractual Reviews
Support contractual reviews for new and existing suppliers.Ensure security requirements are met in supplier contracts.Process Improvement
Participate in the development and optimization of vendor risk management processes and procedures.Improve overall vendor risk posture.
Qualifications
6+ years of experience in conducting security control assessments or audits.2+ years of experience in developing or managing security awareness programs.6+ years experience with information security standards and privacy laws (e.g., ISO 27001, NIST, HIPAA).Skills / Knowledge / Abilities:
Strong knowledge of GRC frameworks and tools.Proficiency in third party risk assessment methodologies and tools.Conceptual understanding of the following technologies:LLMs (Large Language Models), AI (artificial intelligence), Client (machine learning)Excellent analytical and critical thinking skills.Strong written and verbal communication skills.Ability to work collaboratively in a dynamic, fast-paced environment.Education:
Bachelor's degree in Computer Science, Information Systems, Business, or a related field, or equivalent relevant experience.Certifications (beneficial):Professional certifications such as CISA, CISM, CRISC, CISSP.
#J-18808-Ljbffr