Vendor Risk Assessor
Mclean, VA

Job Description

Vendor Risk Assessor

Location: Mclean, VA 22102

Duration: 6 months

Description:

* Most of Client's vendor risk assessments are done remotely (request vendor documents) versus going to the vendor's site*
* Articulate in verbal and written communication
* Ability to convey technical concepts in "layman" terms
* Confident to make independent decisions
* Willingness and desire to accept other viewpoints
* Collaborate with other individuals to complete common goal

Required skills:

* Strong and deep information security risk identification (includes Cloud services), assessment, and risk ranking experience
* Basic understanding of the risk management concepts of Inherent and Residual risk

Working experience with the following documents used in a risk assessment:

* SIG (Standardized Information Gathering) questionnaire
* Penetration test
* Vulnerability test
* SOC (Service Organization Control) 1 and 2, Type 2

Experience with the following standards:

* ISO 27001 and 27002
* NIST relevant to information technology/security/cloud
* Cloud Security Alliance control matrix
* Shared Assessments' SCA (Standardized Control Assessment) control assessment guidelines

Experience in assessing the following risks:

* Privacy of information
* Information technology disaster recovery
* 4th party (subcontractor)
* Concentration
* Critical services

Nice to have:

* Financial services third-party risk management experience
* Familiar with the Office of the Comptroller's 2013 Third-party risk management lifecycle guidance

Years Experience: 4+ Years