Specialist - Vendor Risk Management (VRM)

The Specialist, Vendor Risk Management, is responsible for utilizing intermediate knowledge and skills to execute Third‑Party and Vendor Risk management activities. This role involves effectively evaluating, assessing, managing, and reporting on Vendor risks. The candidate will perform the core Vendor risk assessment process, support the Head of Vendor Risk Management with ongoing monitoring, and drive continuous process improvements.

• Perform evaluation of Third Party and Vendor engagements to identify and manage vendor risk.
• Complete inherent and overall risk assessments.
• Initiate and manage the due diligence process with cross‑functional control groups.
• Review and score inherent risk questionnaires and complete overall risk assessment summaries.
• Serve as subject‑matter expert in interpreting requirements and improve awareness of operational risks faced by the Business from vendor failure/poor performance.
• Work with Strategic Sourcing/Legal/Business to mitigate losses through vendor compensation via robust contracts.
• Develop and perform reporting for VRM, including data collection, consolidation, analysis, spreadsheets, and dashboards.
• Provide and maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities.
• Support the Head of Vendor Risk Management with reporting and monitoring of vendor risks, including data collection and analysis, and periodic ongoing monitoring.
• Analyze, update, and modify procedures and processes to identify and continuously implement vendor risk management process improvements.
• Complete quality control reviews and testing to ensure procedures are followed.
• Stay informed about the latest developments in the vendor risk management field.

• Minimum of 3+ years related work experience in vendor management or vendor risk management is required.
• Extensive working experience in Business Risk Management, Security Risk, Operational Risk, Internal Audit, and/or Controls related function is preferred.
• Comprehensive knowledge of applicable concepts and methodologies such as continuous quality improvement and auditing experience.
• Familiarity with industry compliance standards, such as ISO27001, PCI DSS, SOC1 (SSAE16) and SOC2.
• Understanding of governance structures used to manage risk programs and vendor mitigation and oversight.

• Bachelor’s degree in business administration, computer science, or a related field, or equivalent years of experience is required.