URGENT IT Security Vendor Risk Analyst

ROLE AND RESPONSIBILITIES

The IT Security Vendor Risk Analyst is responsible for maintaining, improving, and monitoring the Vendor Risk Management program as it relates to IT security. The IT Security Vendor Risk Analyst is expected to lead coordination efforts with internal and external parties in conducting Teleperformance vendor and supplier risk assessments, provides control recommendations, conducts vendor contract review, performs compliance checks against Teleperformance security policies, legal and regulatory requirements, documenting security issues, monitoring risk remediation status and provides communication to management. The IT Security Vendor Risk Analyst is expected to ensure that vendors and suppliers are managed appropriately and in accordance to the Teleperformance security policies and procedures. Additionally, the IT Security Vendor Risk Analyst will develop and implement independent reporting and analysis to assist in the Vendor Risk Management program.

The IT Security Vendor Risk Analyst coordinates with different internal stakeholders such as Information Technology, Operations, Security, Legal, Procurement and Administrative organizations to ensure vendors are evaluated in meeting business requirements while maintaining security and privacy controls. Additionally, the IT Security Vendor Risk Analyst is expected to stay abreast with security and regulatory updates and be able to mentor and provide leadership to others in the Corporate Security Department.

The successful candidate will have a firm understanding of vendor risk management principles, IT security, and is able to easily articulate that understanding while helping others to improve. Is willing to actively seek opportunities to develop new approaches to meet goals. Grasps and applies advanced concepts. Stays abreast of new tools, technologies, and techniques related to vendor risk management, IT security, and implements them as solutions to problems. In the role, the Vendor Risk Analyst will define vendor frameworks, communicate vendor risk concepts, policies, standards, procedures, and provide ongoing support.

Responsibilities also include:

• Oversees the IT security third-party risk assessment process to include due diligence through partnerships with various internal stakeholders to ensure all requirements are met (certifications, BCP/DR, data security and privacy, brand reputation, connectivity, encryption, etc.).

• Evaluate vendor documents to determine acceptability based on line of business needs and information security and privacy requirements.

• Oversees the day-to-day risk mitigation, monitoring, and reporting for third-party relationships, conducting independent risk assessments that provides greater insight into risk exposures and mitigation efforts.

• Provide updated policy, procedures and control compliance evidence related to Teleperformance vendor and supplier management

• Perform IT security vendor risk assessment to potential vendors prior engagement and due diligence to existing vendors.

• Review IT security vendor risk assessment outputs to ensure risk has been appropriately assessed.

• Coordinate and verify inclusion of terms of contracts related to SaaS, IaaS, software integration, and other business critical deployments that involve PII, PCI, PHI, and other regulatory data classifications.

• Assist in the development of corrective action plans and third-party contingency plans for high risk vendors.

• Collaborate with stakeholders in the Corporate Security Department to assist in further development of governance structure and oversight of security framework and controls in compliance with PCI-DSS, ISO 27001, HITRUST, HIPAA, and other frameworks and guidelines.

• Delivers reporting from the vendor risk management platform and presents to stakeholders, including to senior management.

• Obtain and maintain necessary training to keep current on the discipline of vendor risk management and IT security, including regulatory and industry practices.

• Ensure documents and activities are performed in compliance with applicable laws, regulatory standards and company policies and procedures.

• Lead and participate in internal and external audits and examinations.

• Assist with the creation of policies and procedure for the Vendor Risk Management program.

• Performs other duties and responsibilities as assigned.

QUALIFICATIONS AND EDUCATION REQUIREMENTS

• A Bachelor's degree in risk management, computer science, or a related discipline, or the equivalent combination of education, technical training or work/military experience.

• 3 years of IT security vendor risk management and information security experience.

• Experience with regulatory requirements, including but not limited to PCI-DSS, ISO27001, HITRUST, HIPAA, etc.

• Advanced knowledge and work experience in Vendor Risk Management or related fields, such as audit, IT security, or business continuity, however, other IT disciplines are eligible.

• Technical knowledge to understand detailed issues around security, business continuity, and overall risk in IT.

PREFERRED SKILLS

• In addition to the qualifications and education requirements identified above, a candidate with the following is highly desired:
o Experience in a regulated (financial, pharmaceutical, health care, etc.) industry is highly desired"
o One or more of the following certifications is highly preferred: CRISC, CISM, CISA, and CISSP.