Full-Time Vendor Risk Analyst

We’re looking for a highly motivated, collaborative, and technically experienced Third-Party Risk Analyst with the ability to understand and influence Vendor Risk Assessment (VRA) processes, effectively communicate ServiceNow's controls, including intent. The successful candidate must be reliable, resourceful, and have a "can-do" attitude.

You will be a key member of our team and play an important role in defining the Vendor Risk Assessment framework for a leading cloud company. In this role, you will be required to demonstrate ability to analyze difficult problems, think out-of-box, and provide pragmatic solutions and recommendations.

ServiceNow VRA focuses on the security practices of third parties used. The Third-Party Risk Analyst will be involved in driving this process forward and measuring Vendor Risk Assessment process compliance.

What you get to do:

• Perform new and recurring third-party risk assessments.
• Review third-party provided audit reports and supporting collateral (e.g., SOC reports, other certifications, or third-party security whitepapers).
• Use the ServiceNow platform to issue and review questionnaires completed by third parties describing their environment and controls.
• Collaborate with the Procurement Organization and other risk organizations (e.g., Security and Privacy).
• Work in a self-directed, collaborative, and constructive manner with internal stakeholders.
• Lead or assist with successful completion of vendor risk assessment activities.
• Work with vendors to address any remediation activities required following completion of the assessment.

To be successful in this role:

• Bachelor’s degree preferred
• Minimum 3 years of professional experience in IT Security and/or Governance, Risk, and Compliance administering and/or assessing security controls in an organization.
• Prior experience with ServiceNow Platform.
• Excellent organization and time management skills to oversee simultaneously occurring projects, tasks, and deadlines.
• Ability to communicate technical security risks to non-technical business stakeholders.
• Strong ability to influence or negotiate with stakeholders dealing with competing priorities.
• Direct and recent working experience with at least two of the following compliance programs: ISO 27001, PCI, SSAE18, SOC2, HIPAA, 21 CFR Part 11, MTCS, IRAP, and FISMA/FedRAMP.
• Ability to work independently
• Prior experience of working in the Security and Compliance group at a SaaS/Cloud company.
• Relevant professional certifications (e.g., CISSP, CISA, CISM, CIPP, GIAC, PMP).
• Ability to manage large projects.
• Ability to understand the intent of compliance requirements to provide effective and meaningful analysis.
• Excellent report writing skills, ability to prepare compliance reports and associated metrics.
• Work PST Hours

Not sure if you meet every qualification? We still encourage you to apply!

We value inclusivity, welcoming candidates from diverse backgrounds, including non-traditional paths. Unique experiences enrich our team, and the willingness to dream big makes you an exceptional candidate!

What is the last date for applying to the job?

Which countries are accepted for this remote job?