Vendor Risk Analyst

Company Description

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Job Description

We’re looking for a highly motivated, collaborative and technically experienced Third-Party Risk Analyst with ability to understand and influence the Vendor Risk Assessment (VRA) processes, effectively communicate ServiceNow’s controls including intent. The successful candidate must be reliable, resourceful and have a “can-do” attitude.

You will be a key member of our team and play an important role in defining the Vendor Risk Assessment framework for a leading cloud company. In this role you will be required to demonstrate ability to analyze difficult problems, think out-of-box and provide pragmatic solutions and recommendations.

ServiceNow VRA focuses on the security practices of the third parties used.  The Third-Party Risk Analyst will be involved in driving this process forward and measuring Vendor Risk Assessment process compliance.

What you get to do in this role: 

• Perform new and recurring third party risk assessments.
• Review of third party provided audit reports and supporting collateral e.g., SOC reports and other certifications, or review of third-party security whitepapers.
• Using the ServiceNow platform to issue and review questionnaires completed by third parties describing their environment and controls.
• Collaborate with the Procurement Organization and the other risk organizations such as Security and Privacy.
• Work in a self-directed, collaborative, and constructive manner with our internal stakeholders.
• Lead or assist with successful completion of vendor risk assessment activities
• Work with vendors to address any remediation activities required following completion of the assessment.

Qualifications

To be successful in this role you have:

• Bachelor’s degree preferred
• Minimum 3 years of professional experience in IT Security and/or Governance, Risk, and Compliance administering and/or assessing security controls in an organization.
• Prior experience with ServiceNow Platform.
• Excellent organization and time management skills to oversee simultaneously occurring projects, tasks, and deadlines.
• Ability to communicate technical security risks to non-technical business stakeholders.
• Strong ability to influence or negotiate with stakeholders dealing with competing priorities.
• Direct and recent working experience with at least two of the following compliance programs: ISO 27001, PCI, SSAE18, SOC2, HIPPA, 21 CFR Part 11, MTCS, IRAP and FISMA/FedRAMP.
• Ability to work independently
• Prior experience of working in the Security and Compliance group at a SaaS/Cloud company.
• Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP.
• Ability to manage large projects.
• Ability to understand the intent of compliance requirements to provide effective and meaningful analysis.
• Excellent report writing skills, ability to prepare compliance reports and associated metrics.

Work PST Hours

Not sure if you meet every qualification? We still encourage you to apply! We value inclusivity, welcoming candidates from diverse backgrounds, including non-traditional paths. Unique experiences enrich our team, and the willingness to dream big makes you an exceptional candidate!

Additional Information

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work. Learn more here.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2024 Fortune Media IP Limited. All rights reserved. Used under license.