Vendor Risk Assessor
Mclean, VA

Job Description

Vendor Risk Assessor

Location: Mclean, VA 22102

Duration: 6 months

Description:

* Most of client's vendor risk assessments are done remotely (request vendor documents) versus going to the vendor's site
* Articulate in verbal and written communication
* Ability to convey technical concepts in "layman" terms
* Confident to make independent decisions
* Willingness and desire to accept other viewpoints
* Collaborate with other individuals to complete common goal

Required skills:

* Strong and deep information security risk identification (includes Cloud services), assessment, and risk ranking experience
* Basic understanding of the risk management concepts of Inherent and Residual risk

Working experience with the following documents used in a risk assessment:

* SIG (Standardized Information Gathering) questionnaire,
* Penetration test
* Vulnerability test
* SOC (Service Organization Control) 1 and 2, Type 2

Experience with the following standards:

* ISO 27001 and 27002
* NIST relevant to information technology/security/cloud
* Cloud Security Alliance control matrix
* Shared Assessments' SCA (Standardized Control Assessment) control assessment guidelines

Experience in assessing the following risks:

* Privacy of information
* Information technology disaster recovery
* 4th party (subcontractor)
* Concentration
* Critical services

Nice to have:

* Financial services third-party risk management experience
* Familiar with the Office of the Comptroller's 2013 Third-party risk management lifecycle guidance

Education Level:

* Bachelor Degree
* Years Experience: 4+ Years

As an equal opportunity employer, ICONMA prides itself on creating an employment environment that

supports and encourages the abilities of all persons regardless of race, color, gender, age, sexual

orientation, citizenship, or disability.