Sr. Risk and Compliance lead

About the Team: As a member of our Information security team, you will join a fast-paced and well-rounded security team. You’ll work in a cutting-edge cloud environment that powers our company’s impressive growth. Last year our platform sent over 1 billion messages, helping customers navigate critical communications during significant man-made events and natural disasters. If you are looking to make a difference with your work, and help our customers prioritize safety, then we would love for you to join our team. 

What you'll do:

• Support the Security & Compliance team in delivering vendor risk management services across the organization.
• Well-versed in performing vendor risk assessments and managing overall vendor portfolio in a GRC platform.
• Perform vendor risk assessments for new and existing vendors.  
• Responsible for reviewing questionnaires and evidence as part of performing vendor risk assessments.
• Knowledge of partnering with Legal and Privacy on an ongoing basis in the review of information security contractual requirements.
• Knowledge of Cloud computing and how to assess Cloud-related risks (SaaS, PaaS, IaaS).
• Knowledge of the overall Procurement process and understanding of Information Security’s role in the process.
• Design and update vendor risk management procedural documentation as needed.  
• Perform vendor compliance risk tracking, trending, analysis, and executive reporting.
• Develop and analyze Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
• Support integration or improvements of GRC tooling into existing policy, process, workflows, and procedures as necessary to improve efficiency and mitigate risk.
• Keep abreast of the latest security, privacy, business continuity, regulatory concerns, and best practices impacting third-party risk management.

What you'll bring:

• 7+ years of experience as a Security Risk Analyst/Consultant
• Proficient verbal and written communication skills
• Prior experience conducting audits
• Knowledgeable of information security standards and regulations (e.g. FedRAMP, NIST, ISO 27001, SOC 2/SSAE18)
• One or more of the following certifications: CISA, CRISC, CISM, CISSP
• Prior experience with GRC tools like StandardFusion, Archer etc.

About Everbridge
Everbridge empowers enterprises and government organizations to anticipate, mitigate, respond to, and recover stronger from critical events. In today’s unpredictable world, resilient organizations minimize impact to people and operations, absorb stress, and return to productivity faster when deploying critical event management (CEM) technology. Everbridge digitizes organizational resilience by combining intelligent automation with the industry’s most comprehensive risk data to Keep People Safe and Organizations Running™. For more information, visit www.everbridge.com, read the company blog, and follow on Twitter. Everbridge… Empowering Resilience Everbridge is an Equal Opportunity/Affirmative Action Employer. All qualified Applicants will receive consideration for employment without regard to race, creed, color, religion, or sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.