Apply now »

Senior - Vendor Risk Assessment Analyst


We are seeking a Vendor Risk Assessment Analyst to join the team. The VRA Analyst will participate in and lead assessments of vendor risk, develop mitigation plans and partner with internal stakeholders to manage responsibility. In this role you will also ensure strong oversight of all vendors’ risks and provide member firms and business partners visibility of existing and emerging risks.


What will your day-to-day be like?

    • Prepare and complete risk assessments and assist with policy, regulatory and accreditation audit preparation.
    • Help lead and support continuous improvement, implementation, and deployment of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State regulatory requirements.
    • Facilitate workflow and record keeping within the VRA platform (ServiceNow).
    • Help develop, maintain, and document workflow processes to ensure data & system controls are adequate, meet internal baselines and optimize current processes to meet emerging risks.
    • Provide guidance to the business, procurement and other stakeholders to ensure requirements of VRM are fully understood.
    • Monitor risk findings, drive remediation (including development and execution of corrective action plans), and ensure follow-on reporting and monitoring.
    • Contribute to development of terms and security specific contract language and security clauses related to risk mitigation.
    • Perform data analytics & reporting activities.
    • Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities.
    • Improve awareness of the operational risks the business faces from vendor failure or poor performance, and work with Strategic Sourcing/Legal/Business to mitigate any losses.


What do we expect from you?


  • Bachelor’s degree, preferably in an information technology-related field of study, or equivalent years of experience, required.
  • Experience working in Cyber Risk, Business Risk Management, Operational Risk, Internal Audit, and/or Controls related function.
  • At least 2 years of Information Security, Risk Assessment or IT audit experience.
  • Strong familiarity with the ISO 27000 family of standards and the ISO 27002 controls.
  • Experience with Archer, ServiceNow or another industry standard enterprise Vendor Risk Assessment solution.
  • Strong knowledge and working understanding of information security legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
  • Strong working familiarity with common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework.
  • Working familiarity with NIST SP 800-30, the standard for conducting risk assessments.


  • Professional IT or Security Management certification.
  • One or more of the CISA, CRMA, CISSP, CCSP, CISM or GIAC certifications.


What is it like to work at Deloitte?

Working at Deloitte will provide you with the opportunity to participate in the transformation of leading national and international organisations.

This environment will allow you to focus on your personal and professional growth while being surrounded by inspiring individuals. You will also be given the chance to participate in training programmes that will allow you to unlock your full potential.

Thanks to the diversity of our workspace, you will come into contact with a wide array of perspectives, individuals, challenges, and projects.

At Deloitte we are committed to making a positive impact on society, our clients, and you, our employees.

In order to help us achieve this goal, we have integrated a series of programmes and benefits in our culture that include:


  • A personalised training and career plan (specific/technical, languages, and soft skills).
  • A culture of continuous, valuable feedback (upwards and downwards).
  • Mentoring programmes based on your professional category.
  • Volunteering programmes and social action initiatives with a national and international scope (WorldImpact).
  • Cultural programmes and subsidised sports clubs (Deloitte Runners Club, padel, football, volleyball, and many more).
  • Medical insurance and health service based at the office: GPs, nurses, physiotherapy, wellbeing, mental health, etc.
  • Flexibility programme.
  • Flexible remuneration plan and a range of benefits for forming part of Deloitte.


Who are we?

Deloitte is the leading professional services company in Spain and the world. With 22 offices in Spain and 169 offices around the world, we help organisations to address their transformation challenges through a multidisciplinary service approach that can be adapted to a variety of industries.


What is the next step?

  1. If you believe this role is right for you, please click on ‘Apply now’ and complete your profile so we can assess your application.
  2. Our recruitment team will get in touch to find out a bit more about you if they think you could be a good fit for the role.
  3. From this stage onwards we will guide you through the selection process, which could mark the beginning of your Deloitte journey!


Find out more about our Cyber team. Are you ready for the challenge?


What impact will you make?


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Location: Madrid
Position type: Experienced professionals
Service line: Risk
Req Id: 33585
