IT Security Specialist, Vendor Risk

About The Position

Requirements

• Minimum 5 years in Vendor Risk Management, Application Security Governance, or GRC.
• Strong experience collecting technical requirements for SaaS/cloud applications.
• Ability to assess data flows, hosting models, and application criticality.
• Hands-on experience with TPRM/GRC platforms such as UpGuard, OneTrust or Archer.
• Proven ability to work across multiple stakeholders (Security, M&A, Privacy, Legal, IT).
• Strong documentation, reporting, and data quality management skills.

Nice To Haves

• Experience supporting M&A integration activities related to application or vendor risk.
• Relevant Security Risk Management certifications such as CRISC, CISM, CISSP etc.
• Understanding of regulatory and compliance frameworks (HIPAA, GDPR, ISO, NIST).

Responsibilities

• Identify and validate all applications not previously reviewed through logs, telemetry, and stakeholder interviews.
• Capture key details: vendor, use case, data types, hosting model, criticality.
• Produce a clean and complete Application Inventory.
• Identify vendor contacts and manage communication flow.
• Request and collect required security documentation (SOC reports, ISO certs, IR/BCP, etc.).
• Maintain complete evidence packages in TPRM platform.
• Build vendor profiles with accurate metadata in Resmed TPRM platform.
• Upload documentation and ensure alignment with ResMed standards.
• Launch security assessments based on risk tier and track vendor progress.
• Document findings and escalate high-risk issues as needed.
• Coordinate with IT team to review and whitelist validated applications.
• Provide weekly status updates.
• Prepare reports on application discovery, vendor risk levels, and assessment outcomes.

Benefits

• We commit to respond to every applicant.