About the role
On behalf of our client, we are seeking a highly motivated and detail-oriented IT Vendor Risk Management Analyst to join the team.
This role is crucial for protecting the organization by identifying, assessing, mitigating, and monitoring risks associated with the use of third-party IT vendors and service providers.
The ideal candidate will have a strong background in IT security, compliance, and risk management frameworks.
Key Responsibilities
- Risk Assessment: Conduct comprehensive due diligence and risk assessments on new and existing IT vendors, including security posture, compliance, financial stability, and operational resilience.
- Policy and Procedure Development: Develop, maintain, and enforce IT vendor risk management policies, standards, and procedures in alignment with regulatory requirements and industry best practices.
- Contract Review: Collaborate with legal and procurement teams to review and negotiate vendor contracts, ensuring appropriate security and compliance clauses, Service Level Agreements (SLAs), and right-to-audit provisions are included.
- Ongoing Monitoring: Implement and manage a continuous monitoring program for critical vendors, tracking performance, security controls, and adherence to contractual obligations.
- Reporting: Prepare and present regular reports to senior management on the overall IT vendor risk landscape, identified risks, and mitigation efforts.
- Remediation Tracking: Track, manage, and validate vendor remediation plans for identified vulnerabilities or control deficiencies.
- Stakeholder Collaboration: Serve as a key liaison between internal business units, IT, Legal, Procurement, and external vendors on all risk-related matters.
Qualifications Required:
- Bachelor's degree in Information Technology, Computer Science, Business Administration, or a related field.
- Minimum of 5 years of experience in IT risk management, vendor risk management (VRM), third-party risk management (TPRM), IT audit, or IT security, within the Banking/Financial Services/Fintech sector.
- Relevant certifications (CISA, CISM, CISSP, CRISC) will be a plus.
- Proven ability to conduct detailed risk analysis, strong analytical and problem-solving skills, and excellent written and verbal communication abilities.