The Vendor Compliance Security Risk Analyst will be responsible for administering and helping to mature Randstad’s third party supplier/vendor security risk management capabilities as a member of Randstad’s  Enterprise Risk and Security Team. The responsibilities will include:

• Evaluating third party supplier/vendors data protection and security risk management capabilities and practices by conducting security and data protection risk assessments of third party suppliers/vendors and leading the interactions with suppliers/vendors to obtain risk treatment decisions and appropriate risk mitigation solutions.
• Articulating and transposing risk assessment results into clearly understandable business impacts and socializing these terms to assist business and IT stakeholders in evaluating and determining if proposed risk treatment options are appropriate.  
• Effectively communicating risks to internal business sponsors, suppliers, and other internal business and IT stakeholders to ensure business relationships being considered with suppliers do not negatively impact the company’s best interest or ability to meet regulatory or contractual data protection and information security obligations.
• Working with suppliers and internal business sponsors to address security risk concerns and gap remediation in a timely manner.
• Providing risk-based guidance to internal business sponsors and supplier/vendor representatives to ensure their full understanding, acceptance, and commitment to remediate risks identified during risk assessments to acceptable levels.
• Providing risk assessment results input to the corporate procurement and contract compliance teams to assist in the negotiation of supplier contracts, with regard to data protection, IT and information security requirements.
• Assisting the Director, Enterprise Risk and Security to develop third party risks reporting metrics to demonstrate volume, risk levels, and risk trending of all third party supplier security risk assessment activities.
• Making recommendations and implementing changes to mature and increase the effectiveness of the supplier/vendor security risk management program.

What we’re looking for...

Required:

• Bachelor’s degree in Information Systems or IT related field or equivalent work experience
• 5 – 7 years of relevant work experience in IT/Information Security Risk Management
• 5+ years experience conducting third party supplier/vendor due diligence and vendor security assessments
• Demonstrated understanding of data privacy, IT and cyber security risk management concepts, assessment methodologies, and emerging technologies
• Demonstrated experience utilizing automated and manual risk assessments tools and templates
• Demonstrated experience and strong familiarity with conducting Technical Risk Assessments
• Relationship focused and demonstrated ability to effectively translate and communicate risks to different stakeholder groups within various levels of an organization
• Effective written documentation and organizational skills
• Good customer facing business acumen

Preferred:

• Certifications: CISSP, CISA, CISM or willingness to obtain within 9 months of start date.
• Demonstrated knowledge of multiple IT and info security risk areas, such as Identity and Access Management, Technical Vulnerability Management, SDLC and Secure Coding principles, and Security Awareness and Training Education
• Experience with ISO 27001-2, COBIT 5, and other controls frameworks and standards