Required Skills
- Risk Experience: Strong understanding of operational, security, and business risk management.
- Third‑Party Risk Assessment: Experience evaluating vendor risks, including RAQ, CPD, AMI sanctions, BCP, SOC reports, and company audits.
- Financial Risk Understanding: Ability to review financial statements, inflows, and outflows.
- Information Security Knowledge: Exposure to InfoSec domain concepts and requirements.
- First Line of Defense: Experience supporting risk mitigation activities in the first line of defense.
- Compliance Knowledge: Familiarity with standards such as ISO 27001, PCI DSS, SOC1/SSAE16, SOC2.
- Analytical Skills: Skilled in data consolidation, audit activities, and continuous improvement.
- Stakeholder Management: Ability to collaborate effectively with sourcing, legal, and business teams to mitigate vendor risks.
Job Summary
The candidate should have at least 3 years of experience and will use intermediate knowledge and skills to perform Third‑Party and Vendor Risk Management activities. The role involves evaluating, assessing, managing, and reporting vendor risks.
The candidate is responsible for reviewing and scoring inherent risk questionnaires, managing due diligence activities with cross‑functional control groups, and completing overall vendor risk assessments. The role also supports the Head of Vendor Risk Management with reporting, monitoring, data analysis, and ongoing vendor oversight.
Responsibilities
- Perform evaluations of third‑party and vendor engagements to identify and manage vendor risk, including completing inherent and overall risk assessments and initiating due diligence as per procedures.
- Develop and perform Vendor Risk Management (VRM) reporting, including data collection, consolidation, analysis, and creation of spreadsheets and dashboards.
- Conduct quality‑control reviews and testing to ensure procedures and standards are followed.
- Provide and maintain vendor risk reporting mechanisms, tracking, and reporting outcomes from VRM activities.
- Analyze, update, and enhance procedures and processes to support continuous improvement of the vendor risk management program.
- Stay up to date on the latest developments and best practices in vendor risk management.
- Serve as a subject matter expert in interpreting requirements, improving awareness of operational risks arising from vendor failures or poor performance, and partnering with Strategic Sourcing, Legal, and Business teams to mitigate risks through strong contractual controls.
- Perform other job‑related tasks as requested, with reasonable accommodation.
Education & Experience
- Bachelor’s degree in Business Administration, Computer Science, or a related field (or equivalent experience).
- Minimum of 3 years of experience in vendor management or vendor risk management.
- Strong understanding of continuous quality improvement methodologies and auditing practices.
- Experience in Business Risk Management, Security Risk, Operational Risk, Internal Audit, or Controls functions preferred.
- Familiarity with industry compliance and security standards such as ISO 27001, PCI DSS, SOC1 (SSAE16), and SOC2.
- Understanding of governance structures, vendor mitigation strategies, and oversight frameworks.