Job Description

Job Overview We are seeking a highly skilled and motivated Vendor Information Security Risk Management Specialist to join our team. This individual will be responsible for evaluating and tracking information security risks posed by third-party vendors and partners. As part of the G&C team, you will collaborate with various stakeholders to ensure the integrity, confidentiality, and availability of our data and systems when interacting with external entities. Key Responsibilities Vendor Risk Assessments : Conduct comprehensive information security risk assessments on third-party vendors and service providers. Evaluate their security posture, identify vulnerabilities, and ensure compliance with company policies, industry standards, and legal/regulatory requirements. Risk Mitigation & Management : Collaborate with stakeholders to define risk mitigation strategies for third-party vendors. Monitor and manage the lifecycle of vendor risk and ensure that risk treatment plans are in place and executed. Compliance & Regulatory Oversight : Ensure that third-party vendors comply with relevant industry standards (e.g., GDPR, ISO 27001, SOC 2, etc.) and internal security policies. Contractual Security Requirements : Work closely with the legal and procurement teams to establish and enforce security terms in third-party contracts, including Service Level Agreements (SLAs) and Data Processing Agreements (DPAs). Continuous Monitoring : Implement processes and tools for ongoing monitoring of third-party security posture. Evaluate third-party security reports, incident response, and performance metrics to ensure adherence to agreed-upon security controls. Qualifications Education : Bachelor s degree any field. Experience : Minimum of 6 years of experience in information security, risk management, or a related field, with