Description:
SecurityScorecard’s MAX team delivers vendor risk management services on behalf of customers. Our MAX team is growing and we are seeking a Vendor Risk Consultant to join our team and help us manage and mitigate risks associated with our customers’ vendors. This is an exciting opportunity to work alongside some of the largest companies in the world and make a significant impact on their business by ensuring that their information is held securely by their vendors.
What You’ll Do
- Conduct risk assessments of customers’ potential and existing vendors to identify and mitigate potential risks.
- Monitor and track vendor risk profiles and regularly report on potential and existing risks to customers and vendors.
- Stay informed about current security threats and industry standards to continuously improve vendor risk management strategies.
- Develop and maintain strong relationships with vendors to ensure ongoing compliance with security requirements.
- Develop and maintain strong relationships with customers to help them understand the risks posed by their vendors.
- Continuously assess the effectiveness of our customers’ vendor risk management programs, and provide advice and guidance on how to enhance the effectiveness.
- Assess new and emerging cybersecurity findings identified by SecurityScorecard, and provide analysis and insight to vendors on how these impact their cybersecurity posture and how to mitigate and remediate these findings.
What We Need You To Have
- 5+ years of professional cybersecurity consulting experience, or similar.
- Outstanding communication skills, and the ability to explain complex cybersecurity and vendor risk management concepts to non-technical audiences.
- Strong understanding of cybersecurity concepts, technologies, and best practices.
- Data analysis skills, using Microsoft Excel or similar, and common scripting languages, such as Python, to analyze complex data and provide trends and patterns.
- Demonstrated ability to manage multiple client accounts simultaneously, prioritize tasks, and meet deadlines.
- Work independently and collaboratively in a fast-paced, dynamic environment.
- At least one certification in the following list is desired: CEH, GSLC, GCPM, GSTRT, GCCC, GSNA, CISSP, CISM, CISA or CRISC.
- Experience conducting cybersecurity assessments and audits is desired.
- Previous experience in vendor risk management is desired, but not required.