This individual will guide and promote all aspects of the analysis, communication, implementation and risk mitigation of vendor-related risks and controls to protect Costco and its partners. This individual will work with other businesses and legal departments to define and set new corporate guidance to support the vendor risk management program strategy, policy, and standards. This individual will be required to anticipate regulatory impacts, promote company awareness, propose solutions to control deficiencies, reach out in support of the business/operations, and communicate effectively at all levels.
* Leads and executes security/privacy vendor risk assessments and risk remediation activities to effectively identify and help treat critical risks
* Leverages a risk framework to rate and rank associated risks
* Documents and communicates findings to the business and third parties
* Identifies control deficiencies and recommends control enhancements to address critical risks
* Monitors, tracks, and reports control implementations
* Assists in establishing and following methodologies designed to identify general system and business controls, and identify and prioritize risks
* Develops, manages and executes plans to communicate and remediate all known material weaknesses or significant deficiencies, and minimize any deficiencies noted by either internal or external auditors
* Works closely with I.S. Management, Accounting, Legal and internal/external auditors to ensure successful follow-through and completion of compliance and mitigation activities
* Drives assigned tasks leveraging I.S. expertise or outside resources where needed
* Coordinates between external auditors and staff being audited
* Assists in other areas of the department as necessary
* Assists in other departments of the company as necessary
Ability to operate vehicles, equipment or machinery
* A Bachelor's degree in Computer Science or a minimum of 6 years of information systems security experience
* Prior experience in working with Vendor Risk Management (VRM) or Third-Party Risk Management (TPRM) or Risk Management Program
* Experience collaborating with and influencing partner organizations
* Working knowledge of ServiceNow and Security Scorecard
* Working knowledge of security risk assessment and control frameworks, good understanding of privacy regulations, data management practices, and security stack
* Ability to interpret information security data and processes to identify potential compliance issues (SOX, HIPAA, PCI, Privacy)
* Ability to quickly understand security systems in order to identify and validate risk exposure from vendors and third parties
* Ability to communicate clearly and effectively with executives, auditors, end users, and engineers
* Ability to work effectively, independent of assistance or supervision
* Experience with SIG and/or other vendor questionnaires
* Needs to be a self-starter and action oriented to drive risk identification and mitigation efforts
* Innovative, creative, and extremely responsive, with a strong sense of urgency
* Demonstrated mentoring skills (knowledge sharing and assisting others in understanding technical and business topics)
* At least one technical certification related to a major Costco platform (Microsoft, Linux or Cisco)
* Working knowledge of firewalls, routers, load balancers and DMZ silos, and packet capture technologies
* Successful internal candidates will have spent one year or more on their current team
* Management will review the Job Analysis for this position prior to a job offer
Apply: Use the link below to upload all required documents to
Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas. If hired, you will be required to provide proof of authorization to work in the United States. Apart from any religious or disability considerations, open availability is needed to meet the needs of the business.