
Senior - Vendor Risk Assessment Analyst




To join Deloitte is to participate in the transformation of leading national and international organisations. At Deloitte we are committed to making an impact on society, our clients and you.


Are you in?



We are seeking a Vendor Risk Assessment Analyst to join the team. The VRA Analyst will participate in and lead assessments of vendor risk, develop mitigation plans and partner with internal stakeholders to manage responsibility. In this role you will also ensure strong oversight of all vendors’ risks and provide member firms and business partners visibility of existing and emerging risks.



What will your day-to-day be like?


  • Prepare and complete vendor risk assessments and assist with policy, regulatory and accreditation audit preparation.
  • Help lead and support continuous improvement, implementation, and deployment of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements.
  • Facilitate workflow and record keeping within the VRA platform (ServiceNow).
  • Help develop, maintain, and document workflow processes to ensure data & system controls are adequate, meet internal baselines and optimize current processes to meet emerging risks.
  • Provide guidance to the business, procurement and other stakeholders to ensure requirements of VRM are fully understood.
  • Monitor risk findings, drive their remediation, including development and execution of corrective action plans, and ensure follow-on reporting and monitoring.
  • Perform data analytics & reporting activities.
  • Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities.
  • Improve awareness of operational risks faced by Business from vendor failure/poor performance and work with Strategic Sourcing/Legal/Business to mitigate any losses.


What do we expect from you?

  • Bachelor’s degree: preferably in an information technology-related field of study, or equivalent years of experience required.
  • Experience working in Cyber Risk, Business Risk Management, Operational Risk, Internal Audit, and/or Controls related function.
  • At least 2 years of Information Security, Risk Assessment or IT audit experience.
  • Strong familiarity with ISO27000 standards and ISO27002 controls standards.
  • Experience with Archer, ServiceNow or another industry standard enterprise Vendor Risk Assessment solution.
  • Strong knowledge and working understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
  • Strong working familiarity with common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework.
  • Working familiarity with the NIST 800-30 standard for Risk Assessment.
  • Oversee vendor risks, providing visibility to member firms and partners regarding current and emerging threats.
  • Lead and participate in the assessment of vendor risk, formulate mitigation plans, and collaborate with internal stakeholders for effective risk management.
  • Stay abreast of developments in vendor risk management, contributing to the knowledge base and strategic direction of the cybersecurity function.



What do we offer?


  • You will have a hybrid-flexible working model.
  • You will be eligible for a flexible remuneration system, medical service, health insurance, life insurance and accident insurance.
  • You will have a training plan throughout your career.
  • You will develop in a feedback culture where you will be encouraged to learn continuously.
  • If you are interested, you will participate in national and international social action and volunteering programmes.
  • You will enjoy a cultural and sporting offer.



Now the choice is yours! If you think this position is right for you, click 'Apply now' and complete your profile so we can assess your application. If you fit the profile, our recruitment team will contact you to get to know you.

From there we will guide you through our recruitment process and your Deloitte story will begin.



What impact will you make?


Deloitte is a professional services firm firmly committed to equal opportunities. Accordingly, the Firm will accept and process applications from all sectors of society, without discrimination on grounds of sex, gender expression, race, religion or belief, ethnic or national origin, disability, illness or health condition, genetic predisposition to disease, age, citizenship, marital status, sexual orientation or identity, socioeconomic status or any other personal or social condition or circumstance.
Location:  Madrid
Position type:  Experienced professionals
Service line:  RISK ADVISORY
Req Id:  38183
