Lead IT Analyst - Vendor Risk Assessment

Company: ULTA Salon, Cosmetics & Fragrance, Inc

Location: Bolingbrook, IL 60440

Description:

OVERVIEW

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability, and is recognized that way. We've been defined as a "mature start-up." A place where interdepartmental exposure, open doors, and genuine collaboration are ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.

We're engineering for the future of retail, and it's no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip-smart colleagues who will press you daily for your very best, you'll find that virtually nothing's impossible at Ulta Beauty.

THE IMPACT YOU CAN HAVE:

The IT Vendor Risk Assessment Lead has significant responsibilities related to the Third-Party Risk Management Program. The IT Vendor Risk Assessment Lead is responsible for the successful delivery of our Third-Party Risk Management Program. They work closely with key stakeholders and maintain high quality standards while operating in a highly dynamic and fast-paced environment.

YOU'LL ACCOMPLISH THESE GOALS BY:

  • IT Governance: Evaluates new business proposals and provides advice on vendor risk issues. Coordinates with relevant regulatory authorities.
  • Information Management: Assesses the implications of information, both internal and external, that can be mined from business systems and elsewhere and makes business decisions based on that information, including the need to make changes to systems. Reviews proposals for new initiatives and provides specialist advice on information management.
  • Information security: Communicates corporate information security policy, standards, and guidelines. Provides authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions e.g., legal, technical support.
  • Relationship management: Develops long-term, strategic relationships with senior stakeholders. Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining, and working to stakeholder engagement data protection strategies and plans. Negotiates with stakeholders at senior levels and ensures that organizational data protection policy and strategies are adhered to.
  • Innovation: Manages, monitors, and seeks opportunities, new methods, trends, capabilities, and products for the advancement of the organization. Clearly articulates and formally reports potential benefits from both structural and incremental change.
  • Business process improvement: Advises on significant enterprise level improvements and measurable business benefits by identifying, proposing, initiating, and leading significant programs of improvement. Champions a culture of continuous improvement.

PRINCIPAL DUTIES & RESPONSIBILITIES:
  • Perform Third Party technology risk assessments for new and existing vendors within the established time frame, usually 2-3 weeks. Flexibility required on 'rushed' assessments.
  • Partner with vendor contacts to respond to vendor assessment questionnaires, requests for information, and other data to support risk management activities.
  • Mature Vendor Risk Management program by adopting industry best practices.
  • Ensure that risk mitigation plans are in place and tracked for findings identified during risk assessments. Plans should be established and in place within 5 business days after the vendor risk assessment is complete.
  • Document information security risk findings, recommendations, and risk mitigation/acceptance plans.
  • Partner with business owners prior to risk assessments on the vendor risk assessment process to ensure proper scoping and reassessment. This is done through a Business Impact Awareness meeting, which should be performed at least 1 business day prior to kickoff of the vendor risk assessment.
  • Work with vendors on completing the Data Mapping questionnaire prior to completion of vendor risk assessment.
  • Populate the Vendor Asset Inventory and Risk Control Library following industry standards.
  • Promote the vendor risk assessment program, monitoring, and audit activities within the organization.
  • Monitor vendor risks, develop risk reporting, and communicate with key stakeholders and leadership.
  • Ensure risk themes are actively updated in the vendor risk assessments.
  • Provide education & awareness to the business partners to better understand vendor risks.
  • Manage multiple engagements and competing priorities in a rapidly growing, fast-paced, results-based team environment.

ESSENTIALS FOR SUCCESS:
  • 5+ years of experience in implementing and advising on vendor risk assessments.
  • Able to prioritize and execute tasks in a high-pressure environment.
  • Proven track record of delivering high quality solutions on time and on schedule.
  • Experience in socializing the vendor risk framework and controls across the organization.
  • Experience in identifying solutions for issues identified in prior vendor risk assessments.
  • Demonstrate a working knowledge of NIST, ISO 27001 or ISO 27018, SOC security and privacy principles and provide practical examples of their application across the technical domain.
  • Knowledge of IT security best practice controls across multiple technologies and processes.
  • Highly motivated, proactive, and able to work independently.
  • Excellent interpersonal skills and the ability to interact well with both internal and external stakeholders.

Preferred Qualifications:
  • Bachelor's degree in a technical discipline, a related field, or applicable work experience.
  • Experience in performing vendor assessments in Cloud technologies.
  • CISSP or other officially recognized certification would be desirable.


The pay range for this position is $102,900.00 - $165,000.00 / Year with the opportunity for eligible associates to earn additional compensation pursuant to the Company's bonus plan. Exact pay will be based on factors including, but not limited to relevant education, qualifications, certifications, experience, level, shift, geographic location, and business and organizational needs. Full-time positions are eligible for paid time off, health, dental, vision, life and disability benefits. Part-time positions are eligible for dental, vision, life, and disability benefits. For additional information concerning our benefits, visit our Benefits and Career Development page: https://learn.bswift.com/ulta

ABOUT

At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty's own private label. Ulta Beauty also offers a full-service salon in every store featuring hair, skin, brow, and make-up services.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.
