GRC (Vendor Risk Management) Engineer
Company: Diverse Lynx LLC
Location: Atlanta, GA 30349
Description:
Job role: GRC (Vendor Risk Management) Engineer
Location: Atlanta, GA - Onsite | 8 - 10 years of experience
Type: Full Time
Preferred Qualifications & Skills:
- Bachelor's Degree or 5 plus years of relevant experience in Computer Science, Mathematics, Engineering, Information Systems, Management Information Systems or Information Security
- Key industry certifications such as CISA, CISM, CISSP, CRISC, etc.
- Knowledge of industry standard frameworks such as NIST Cybersecurity Framework, ISO 27001, NIST 800-30, etc.
- Familiarity with third party information security attestations/certifications such as SOC I/II reports, ISO, PCI-DSS, SOX.
- Comprehensive knowledge of third-party risk concepts, methodologies, governance structures and experience in managing risk and performing vendor risk assessments
- Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics
- Experience across IT domains such as application development, infrastructure, technical support and operations, cloud technologies and/or continuity of business
- Experience with RSA Archer
Roles & Responsibilities
- Proactively identify, analyze, and remediate information security and technology risks throughout the third-party lifecycle (planning, due diligence, contract adherence, transition, continuous monitoring, and offboarding). You'll also have the opportunity to partner with IT Portfolios (Infrastructure and Reliability, Architecture, Channels Technology), key functional partners (Legal, Privacy, Corporate Audit) and external assessors.
- Participate in vendor risk management activities including but not limited to third party risk assessments, gap analysis, contract review, vendor breach and termination activities, and partner with internal stakeholders to monitor vendors.
- Perform data analytics and create meaningful reports to effectively communicate outcomes from vendor management activities and relate security, compliance, and/or governance-related concepts and controls across a variety of audiences including non-technical audiences
- Identify and communicate findings of non-compliance with Information Security Standards and track to remediation or to an acceptable level of risk
- Continuously work to improve the overall Vendor Risk Management Program through identifying opportunities and leading implementation activities
- Provide guidance to the business, Strategic Sourcing and other stakeholders to ensure requirements of VRM are fully understood.
- Serve as the subject matter expert in interpreting requirements and improve awareness of the operational risks the business faces from a vendor's failure or poor performance
- Stay informed about the latest developments in the vendor risk management field.
Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.