Senior Risk and Compliance Engineer

What you'll do:

• Support the Security & Compliance team in delivering vendor risk management services across the organization.
• Well-versed in performing vendor risk assessments and managing overall vendor portfolio in a GRC platform.
• Perform vendor risk assessments for new and existing vendors.  
• Responsible for reviewing questionnaires and evidence as part of performing vendor risk assessments.
• Knowledge of partnering with Legal and Privacy on an ongoing basis in the review of information security contractual requirements.
• Knowledge of Cloud computing and how to assess Cloud-related risks (SaaS, PaaS, IaaS).
• Knowledge of the overall Procurement process and understanding of Information Security’s role in the process.
• Design and update vendor risk management procedural documentation as needed.  
• Perform vendor compliance risk tracking, trending, analysis, and executive reporting.
• Develop and analyze Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
• Support integration or improvements of GRC tooling into existing policy, process, workflows, and procedures as necessary to improve efficiency and mitigate risk.
• Keep abreast of the latest security, privacy, business continuity, regulatory concerns, and best practices impacting third-party risk management.

What you'll bring:

• 7+ years of experience as a Security Risk Analyst/Consultant
• Proficient verbal and written communication skills
• Prior experience conducting audits
• Knowledgeable of information security standards and regulations (e.g. FedRAMP, NIST, ISO 27001, SOC 2/SSAE18)
• One or more of the following certifications: CISA, CRISC, CISM, CISSP
• Prior experience with GRC tools like StandardFusion, Archer etc.