An experienced information security analyst will conduct vendor security risk assessments based on standard industry security frameworks. The analyst will also provide rapid resolution of security language amendments and redlines within contract negotiations, and present a risk assessment report to the business.
* Perform security risk assessments on new and existing vendors
* Document risk memos to capture the security risk of a particular vendor based on the vendor's responses and the architecture review of the deployment of the vendor solution.
* Rapid, customer-service focused resolution to contract negotiations, including new requirement evaluation and risk-based contractual obligations.
* Review redlines and suggest alternative language as information security SME that balances business priorities with security risks.
* Monitor ongoing vendor compliance with contractual security requirements and escalate non-compliance
* Manage security of the Veritas Supply Chain for its products and product partnerships.
* 5+ years of experience in Information Security or a related field
* Must have 2+ years of vendor management experience, including negotiating contracts
* Must have demonstrated experience in risk management and reporting
* Strong knowledge of security risk management frameworks, including related regulatory compliance requirements (NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, FedRAMP, PCI, GDPR, etc.)
* Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
* Strong attention to detail, project management and organizational skills.
* Ability to effectively prioritize and execute tasks in a fast-paced environment.
* Ability to quickly adapt to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.
* Strong written and oral communication and interpersonal skills.
* IT Security certification preferred (CISSP, CISM, CISA, SANS, Security+, etc.).
* Functional knowledge of ISMS governance models (e.g. ISO 27001, NIST, CAIQ), information security roles, and security controls.
* Functional knowledge of common security certifications (e.g. ISO 27001, SOC 1, SOC 2, WebTrust) and the ability to glean significance from findings identified in these reports.