Jobs · Finance

Senior Vendor Security Risk Management Analyst

FM · Johnston, RI · 1 wk ago
RemoteRemoteFinance$106k–$152k/yrFull-time

Key Responsibilities

  • Lead end-to-end third-party solution risk assessments and vendor security reviews across the vendor lifecycle, including due diligence, onboarding, ongoing monitoring, and reassessments.
  • Evaluate vendor security programs, control effectiveness, and governance, along with deep-dive assessment of the specific product being implemented including solution architecture, data flows, and integration points.
  • Identify and communicate inherent and residual cyber risks related to data protection, privacy, IAM, privileged access, system connectivity, and external attack surface exposure.
  • Review and interpret security documentation, including SOC 1/SOC 2 reports, ISO 27001 certifications, audit reports, architecture diagrams, data flow diagrams, and technical configurations.
  • Recommend practical risk mitigation strategies, including compensating controls, secure design changes, and contractual safeguards to support risk-informed decisions.
  • Partner with business, technology, procurement, and legal teams to support risk acceptance, exception management, and third-party risk governance.
  • Contribute to the evolution of FM’s third-party risk management framework, methodology, and standards in alignment with NIST, ISO 27001, NYDFS, and other applicable regulatory expectations.

Qualifications

  • 5+ years of experience in cybersecurity, information security, or cyber risk, with a background in third-party risk management (TPRM), IT risk, audit, incident response, or access management.
  • Experience assessing vendor security posture in cloud (SaaS/PaaS) and enterprise environments.
  • Strong understanding of systems, networks, application architecture, cloud security, and secure system design across AWS, Azure, SaaS, PaaS, APIs, and enterprise integrations.
  • Experience evaluating data flows, data classification, data protection, data governance, and secure data handling practices.
  • Knowledge of IAM, SSO, federation, privileged access, cyber threats, vulnerabilities, and attack methodologies.
  • Ability to interpret SOC 1, SOC 2, ISO certifications, and other third-party assurance artifacts to identify control gaps and residual risk.
  • Risk & Analysis: Ability to identify, assess, and clearly communicate complex cyber risks, trade-offs, and residual risk. Experience recommending practical, business-aligned risk based mitigation strategies, including compensating controls and secure design changes. Strong analytical judgment, attention to detail, and risk-based decision-making.
  • Collaboration & Communication: Ability to translate technical findings into clear, business-relevant insights and recommendations. Strong stakeholder management and partnership across business, technology, procurement, and legal teams. Collaborative, solutions-focused mindset with strong influencing skills in a fast-paced assessment environment. High degree of professional skepticism and curiosity when evaluating vendor claims and evidence.
  • Tools & Certifications: Proficiency with Microsoft Office tools. Relevant certifications such as CISSP, CISA, CSA, CISM, Security+, GIAC, CEH, or similar are strongly desired.

Similar jobs

Senior Security Analyst

YardiSanta Barbara, CA· 1 wk ago
Information Technology$98k–$110k/yrapply on careers.yardi.com