About The Position

The Senior Analyst, Information Security & IT Vendor Risk Management, will provide subject matter expertise in third-party security risk oversight, owning the platform used to manage IT vendors and executing key functions within the QTS Third-Party Risk Management (TPRM) program. This role ensures consistent application of security and compliance requirements across the vendor ecosystem, performs in-depth risk assessments, supports remediation of vendor-related cyber incidents or breaches, and drives continuous improvement in alignment with enterprise security strategy. This position reports to the Sr. Manager of TPRM and partners closely with Information Security, IT, Procurement, Legal, and Compliance stakeholders. This position is available in any of these three QTS locations: Overland Park, KS; Suwanee, GA; or Ashburn, VA.

Requirements

  • Bachelor's degree required.
  • Minimum of 5 years of experience in IT security risk management, third-party/vendor risk management, or related fields.
  • Previous vendor management experience required.
  • Understanding of security risks across IT operations, including application development, cloud infrastructure, and disaster recovery.
  • Proficient in applying security and compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HITRUST, GDPR, CMMC, and HIPAA.
  • Experience managing or administering vendor risk management (VRM/TPRM) or governance, risk, and compliance (GRC) platforms.
  • Skilled in evaluating SOC 2 reports, penetration test results, security questionnaires, and vendor security documentation.
  • Proven ability to assess risk and identify vulnerabilities through detailed risk reviews.
  • Demonstrated experience supporting third-party cyber incidents and breach response efforts.

Nice To Haves

  • Strong analytical and problem-solving skills with a focus on identifying security gaps and remediating vendor risks.
  • Highly organized, detail-oriented, and capable of managing multiple vendor reviews simultaneously.
  • Excellent written and verbal communication skills with ability to present technical risks in business terms.
  • Strong relationship management skills and ability to influence stakeholders across procurement, IT, security, and business functions.
  • Adaptable and agile, with the ability to respond quickly to new security threats, incidents, and regulatory changes.
  • High degree of confidentiality, integrity, and accountability.
  • Proficient in Microsoft Office tools; experience with vendor risk management platforms/GRC systems preferred.

Responsibilities

  • Own and administer the TPRM/Vendor Risk Management (VRM) platform used for vendor onboarding, due diligence, periodic assessments, issue management, ongoing monitoring, and off-boarding.
  • Lead security-focused risk assessments of IT and cloud vendors, analyzing controls for infrastructure, applications, privacy, and business continuity.
  • Support third-party incidents and breach remediation by coordinating with vendors and internal stakeholders to identify & validate impact, document response, and track corrective actions.
  • Monitor vendor performance and control effectiveness against recognized security frameworks (NIST, ISO 27001, SOC 2, HITRUST, CMMC, PCI DSS) and regulatory requirements (GDPR, HIPAA, etc.).
  • Create and maintain the risk register, and maintain the vendor inventory and issue tracking, with accurate, up-to-date information within the VRM platform.
  • Provide executive reporting on vendor risk posture, program metrics, and incident and remediation status.
  • Partner with stakeholders to update standards, procedures, and controls, maturing the TPRM program to meet evolving cyber and regulatory requirements.
  • Liaise with internal and external auditors to manage IT security and compliance reviews tied to vendor controls.
  • Deliver training and awareness to stakeholders to strengthen risk management culture across business functions.
  • Stay updated on the latest security trends and threat intelligence.

Benefits

  • Employer Paid Benefits
  • 401K with Employer Match
  • QRest Sabbatical
  • Employee Stock Purchase
  • QTS scholarship for dependents
  • Eagle Club award trip eligibility
  • Paid volunteer days
  • Tuition assistance, parental leave and military leave assistance