Senior Vendor Cyber Risk Analyst

Description:

ob Description

S&P Global Corporate

The Role: Senior Vendor Cyber Risk Analyst

The Team

As part of Corporate Risk Management / Business Delivery Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that 63% of data breaches happen due to third parties. It involves working with internal stake holders as well as third parties to achieve the results.

The Impact

This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoor created by our vendors.

What’s In It For You

Third party risk management is one of the fast-growing areas in financial services companies. The rapid pace of adoption of cloud applications (SaaS) and Business Process Outsourcing (BPO) has made this even more critical as regulators pay a lot of attention as to how companies manage third-party risk.

Basic Qualifications

What We’re Looking For:

• Bachelor’s degree in Computer Science or engineering or equivalent
• Experience: Minimum 8 years of experience in Information Technology or Risk Management, out of which a minimum of 4 years with Information Security or Technology Risk Management
• Experience with Information Security and/or Technology Risk Management, servicing US-based large financial services companies
• Ability to assess controls with respect to cloud applications as well as organization-wide controls
• Demonstrable understanding of the concepts of technology controls and information security controls
• Strong communication skills are a must. The resource should be able to effectively communicate with cross-functional teams and external vendors, both written and oral communication is critical
• The candidate is required to act as a “Go to” person for rest of the team.
• The candidate is also expected to perform complex risk assessments of cloud service providers.
• Ability to come up with risk metrics, to enhance our existing procedures is highly desired.
• This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours
• Exposure to cloud technologies and cloud security is highly desired; the familiarity with pubic cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred
• Any prior exposure to vendor risk management is a plus