Summary
Position Summary
Senior Analyst - Vendor Risk Assessment
Position summary
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next- generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?Wanttomakeanimpactthatmatters?ConsiderDeloitte Global.
Workyou'll do
The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. We are seeking a Vendor Risk Assessment Analyst to join the team. The VRA Analyst will participate in and lead assessments of vendor risk, develop mitigation plans and partner with internal stakeholders to manage responsibility. In this role you will also ensure strong oversight of all vendors’ risks and provide member firms and business partners visibility of existing and emerging risks.AspartoftheGlobalCyberRiskteam,theVRAAnalyst must:Prepare and complete risk assessments and assist with policy, regulatory and accreditation audit preparationHelp lead and support continuous improvement, implementation and deployment of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/ State Regulatory requirementsFacilitate workflow and record keeping within the VRA platform (ServiceNow)Help develop, maintain, and document workflow processes to ensure data & system controls are adequate, meet internal baselines and optimize current processes to meet emerging risksProvide guidance to the business, procurement and other stakeholders to ensure requirements of VRM are fully understoodSupport development and execution of a robust communication and training plan to facilitate the effective application and awareness of VRMMonitor risk findings, remediate resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoringContribute to development of terms and security specific contract language and security clauses related to risk mitigationPerform data analytics & reporting activities. Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities.Stay informed about the latest developments in the vendor risk management fieldImprove awareness of operational risks faced by Business from vendor failure/poor performance and work with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved through establishment of robust contractsWhatyou'llbepartof-ourDeloitteGlobal Culture:
At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique rolein delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.Whoyou'llwork with:
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.Qualifications:
Required
At least 3 years of Information Security, Risk Assessment or IT audit experienceWorking familiarity with Vendor Risk Assessments and production of Risk Analysis ReportsExperience in management of vulnerability and/or risk remediationSpecific knowledge of and experience with applicable concepts and methodologies such as continuous quality improvement and auditing experienceDeep familiarity with risk assessments and threat modelsStrong familiarity with ISO27000 standards and ISO27002 controls standardsExperience with Archer, ServiceNow or another industry standard enterprise Vendor Risk Assessment solutionStrong knowledge and working understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security StandardStrong working familiarity with common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity FrameworkWorking familiarity with the NIST 800-30 standard for Risk AssessmentEducation
Bachelor’s degree: preferably in an information technology-related field of study, or equivalent years of experience requiredPreferred:
At least 5 years of Information Security, Risk Assessment or IT audit experienceExperience working in Cyber Risk, Business Risk Management, Operational Risk, Internal Audit, and/or Controls related functionFamiliarity with application, server, and network security Professional IT or Security Management certificationOne or more of CISA or CRMA, CISSP, CCSP, CISM, GIAC certificationsHowyou'll grow:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.Benefitsyou'll receive:
Deloitte’sTotalRewardsprogramreflectsourcontinuedcommitmenttoleadfromthefrontineverythingwe do—that’swhywetakeprideinofferingacomprehensivevarietyofprogramsandresourcestosupportyour health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.Corporate citizenship:
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.Professional development
At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India .Benefits To Help You Thrive
At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.Requisition code: 304278
