Supplier Security Risk Analyst

Key Skills:

Roles and Responsibilities:

• Conduct and document Supplier Inquiry Qualification (SIQ) and Supplier Inquiry for Procurement (SIP) processes.
• Perform risk assessments using tools such as Security Scorecard, BitSight, and Moody's.
• Evaluate supplier responses and determine risk treatment plans.
• Ensure integration of cybersecurity clauses, NDAs, and SIPs into supplier contracts with Legal and Procurement teams.
• Support the definition and tracking of security KPIs in supplier agreements.
• Maintain and update the Supplier Security Risk Register.
• Monitor supplier performance and risk posture through dashboards and periodic reviews.
• Coordinate with internal stakeholders to define response options for declining supplier risk scores.
• Support internal and external audits related to supplier security.
• Ensure alignment with ISO 27001 controls (e.g., A.5.1, A.5.37) and internal ISMS processes.
• Contribute to continuous improvement of supplier risk management processes.
• Prepare reports and dashboards for governance forums and risk boards.
• Provide training and awareness on supplier security risks.

Skills Required:

• Hands-on experience in Cybersecurity risk management, particularly with suppliers and third parties.
• Knowledge of ISO 27001 controls and Information Security Management Systems (ISMS).
• Experience with risk assessment tools like Security Scorecard, BitSight, Moody's, or equivalent.
• Understanding of supplier contract governance, NDAs, and cybersecurity clauses.
• Ability to monitor, analyze, and report supplier risk using dashboards and KPIs.
• Strong analytical, problem-solving, and documentation skills.
• Ability to collaborate effectively with Legal, Procurement, and internal stakeholders.
• Familiarity with audit processes and regulatory compliance in cybersecurity.
• Good communication skills to provide training and governance reporting.

Education: