Jobs · Business Development

Lead Analyst, Security Strategy & Assurance

Ladders · United States · 5 days ago
RemoteRemoteBusiness Development$100k–$130k/yrFull-time

Responsibilities

  • Own and enhance the Third Party Risk Management (TPRM) program with a focus on strategy and frameworks
  • Lead vendor risk assessments and develop scalable processes that accommodate growth
  • Identify and rectify gaps in TPRM practices relative to industry standards
  • Collaborate with various teams to integrate risk requirements in vendor selection and contracts
  • Maintain vendor risk inventory and report statuses to leadership effectively
  • Monitor regulatory developments impacting third-party risks
  • Evolve the enterprise risk register, ensuring consistent risk management across units
  • Facilitate risk workshops and validate control effectiveness with leaders
  • Develop and report on key risk indicators and connectivity to business outcomes
  • Integrate risk management into business planning and initiatives early in the process
  • Enhance compliance programs for certifications and act as the audit contact for related controls
  • Translate emerging regulations into actionable program changes and improve compliance documentation
  • Identify inefficiencies in workflows and spearhead improvements to processes
  • Lead GRC tooling optimization ensuring efficient platform use
  • Establish scalable operating procedures for risk activities and track operational metrics for program health

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience
  • 7-10 years in information security, risk management, or compliance with 3-4 years in third-party/vendor risk
  • Proven experience in enhancing a TPRM program including risk tiering and remediation management
  • Strong knowledge of enterprise risk management frameworks (NIST RMF, ISO 31000, COSO) and security control frameworks (ISO 27001, SOC 2, NIST CSF)
  • Experience leading internal and external audits for certifications like SOC 2 and ISO 27001
  • Ability to operate autonomously on complex projects and drive cross-functional initiatives
  • Excellent communication skills

Pay

$100,000 – $130,000 annually

Schedule

Remote - US based candidates only, no visa sponsorship available

Similar jobs