Senior Program Manager-Federal
Zscaler
Cloud
Senior Vendor Risk Management Analyst
Thomson Reuters
full-time
Posted on:
Origin: • 🇺🇸 United States • Virginia
Visit company websiteSalary
💰 $88,200 - $163,800 per year
Job Level
Senior
About the role
- Conduct thorough risk assessments of vendors to evaluate their security practices and identify potential vulnerabilities
- Perform due diligence on new and existing vendors to ensure they meet security requirements and comply with relevant regulations and standards
- Continuously monitor vendor security performance and report findings to management; maintain metrics and dashboards for tracking vendor risk
- Develop and maintain policies and procedures related to vendor risk management
- Work closely with internal teams (procurement, legal, security) to integrate vendor risk management processes across the organization
- Assist in the review of vendor contracts to ensure appropriate security clauses and requirements are included
- Participate in incident response activities related to vendor security breaches, including investigation and remediation efforts
- Identify opportunities for improving vendor risk management processes and implement changes to enhance overall security posture
- Ensure vendor management practices comply with industry standards such as SOC, ISO, or PCI-DSS
- Analyze security findings from risk assessments and ensure they are logged and tracked appropriately in Enterprise Risk Management tooling
Requirements
- 5-7+ years of experience in vendor risk management, third-party risk, or related fields
- Experience with vendor assessment methodologies and frameworks (e.g., NIST, ISO, SIG)
- Experience with vendor risk assessment tools and databases
- Contract review and negotiation experience
- Strong communication skills for interacting with vendors and internal stakeholders
- Ability to participate in incident response related to vendor security breaches (investigation and remediation)
- Industry certifications such as CTPRP, CRISC, or CISA considered a plus (not required)
