Vendor Risk Specialist

US - VA - Remote

Stride, Inc.

At Stride, we're leading education into the future — where learning is lifelong, deeply personal, and prepares learners for tomorrow. Discover Stride!


Job Description

The Vendor Risk Specialist is responsible for implementing, maintaining, managing, and operating vendor risk management platforms & capabilities. The Specialist delivers these capabilities in accordance with the organization’s architectural designs, best practices, and regulatory or compliance requirements. As risks change, the Specialist is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.  

The Vendor Risk Specialist is expected to conduct risk assessments and audits of the organization’s vendors' security program, environments, systems, infrastructure, and applications.   The role is responsible for providing detailed reports of technical and procedural findings and recommendations.  Recipients of the Specialist’s reports include business functions, purchasing, security, audit, and external stakeholders.

ESSENTIAL FUNCTIONS:   Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.

  • Maintain knowledge of applicable policies, regulations, and compliance documents specifically related to cyber defense auditing.
  • Conduct third-party risk assessments to assist in determining their ability to protect confidential and sensitive data
  • Examine and research security controls and frameworks as they relate to vendor risk management
  • Administer the vendor risk management process and make confident risk recommendations with respect to the integrity and business stability of new vendors or vendors nearing contract renewal
  • Evaluate applicable security controls to apply against vendor services being provided and the applicability of compensating controls for vendor security assessments
  • Collect, analyze, interpret, evaluate, and integrate risk data from multiple sources to conduct a comprehensive analysis.
  • Maintain relationships with the third parties to ensure compliance, requesting an audit, tests, or other evidence
  • Maintain an inventory of in‐scope vendor artifacts and report their compliance status as required by stakeholders, management, review boards, regulatory bodies, and auditors as necessary
  • Act as a subject matter expert, and liaise with key business and technology stakeholders to ensure compliance expectations are realized in a timely manner
  • Develop security deliverables based on the security documentation that is provided by the vendor
  • Maintain a security risk register.
  • Identify opportunities for process improvements to deliver increased operational efficiency in the vendor security oversight processes
  • Maintain an up-to-date understanding of industry best practices
  • Distribute and interpret compliance questionnaires, analyze vendor audit reports from various sources, and engage vendor representatives for additional details regarding security controls

Supervisory Responsibilities: This position has no formal supervisory responsibilities.

Certificates and Licenses: None Required

MINIMUM REQUIRED QUALIFICATIONS:   

  • Five (5) years of experience in cybersecurity/IT with a strong focus on the analysis of security programs or controls
  • Understanding of risk assessments and compliance with major regulatory initiatives (e.g., SOX, PCI-DSS, HIPAA, FedRAMP)
  • Understanding of cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000)
  • Possess a good understanding of appropriate leading-edge governance-enabling technologies & practices.
  • Strong demonstrated ability to gain consensus and support across diverse functions and departments.
  • Excellent communication and presentation skills (verbal and written).
  • Project management planning and organization skills.
  • Ability to identify, document, and communicate information security issues to business and information owners
  • Ability to maintain the confidentiality of sensitive information
  • Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.
  • Ability to travel 5% of the time
  • Ability to clear required background check

DESIRED QUALIFICATIONS:  

  • Bachelor’s degree in Computer Science, Information Assurance, MIS, Business, or related field
  • Prior experience with vendor, contract, and/or program risk assessments
  • Prior work experience in a regulated environment; education organization experience desired.
  • Ability to establish good working relationships with team members, colleagues, and external organizations. 
  • Demonstrable ability to develop value-driven & budget conscious security capabilities
  • Knowledge of audit trail and systems activity review processes and procedures.
  • Proficiency in risk assessment and risk management methodologies.
  • Expertise in FERPA requirements and information security best practices.

WORK ENVIRONMENT:  The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • This position is virtual and open to residents of the 50 states and Washington, D.C.

We anticipate the salary range to be $66,379.50-$170,037.60. The upper end of this range is not likely to be offered, as an individual’s compensation can vary based on several factors. These factors include, but are not limited to, geographic location, experience, training, education, and local market conditions. Eligible employees may receive a bonus. Stride offers a robust benefits package for eligible employees that can include health benefits, retirement contributions, and paid time off.

The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor.  All employment is “at-will” as governed by the law of the state where the employee works.  It is further understood that the “at-will” nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer. 

Job Type

Regular

Stride, Inc. is a Federal Contractor, an Equal Opportunity/Affirmative Action Employer and a Drug-Free Workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status, or genetics, or any other characteristic protected by law.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Category: Compliance Jobs

Tags: Audits C Compliance Computer Science Cyber defense FedRAMP Governance HIPAA NIST Risk assessment Risk management Security assessment SOX Travel

Perks/benefits: Career development Health care Salary bonus Travel

Regions: Remote/Anywhere North America
Country: United States
