Vacancy expired!
GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.
As a Senior third-party/vendor security risk analyst, you will deliver vendor security risk advisory services to GuidePoint customers. Primary responsibilities include: (1) working with vendor risk management (VRM) tools, (2) reviewing vendor-provided security artifacts (e.g., SOC 2 reports, ISO 27001 certifications, cyber insurance, SIG questionnaires, vendor policies, etc.), (3) conducting vendor risk assessments, (4) communicating with internal and customer stakeholders, (5) managing project status, and (6) administrative tasks. Position Requirements:- Bachelors Degree and 3-5+ years of relevant work experience
- Working knowledge of information security concepts and controls
- Understanding of regulatory requirements pertaining to information security, privacy, and/or data security
- Ability to consult with customers in a service advisory capacity
- Self-driven; able to manage schedules, meet deadlines, coordinate with others, perform tasks, and work independently with minimal supervision
- Excellent project management skills, with the ability to work with multiple customers, deadlines, and priorities
- Organized and effective with time and meeting management
- Strong interpersonal and communication skills with the ability to ask questions, actively listen, escalate roadblocks, and interact effectively at multiple levels
- Strong analytic skills and attention to detail
- Coachable, able to receive direction, feedback, and to adjust quickly
- Consulting experience
- Experience in cybersecurity governance and risk management
- 2+ years' experience with Governance, Risk, and Compliance (GRC), Vendor Risk Management (VRM), and/or Security Ratings platforms (e.g., OneTrust, Prevalent, ThirdPartyTrust, SecurityScoreCard, BitSight) required
- Experience in security frameworks such as ISO, NIST, COSO, COBIT, PCI, etc.
- IT Service Management tool experience (e.g., ServiceNow, JIRA)
- System and Organization Controls (SOC) 2 Trust Services Criteria audit experience preferred
- Professional certification (CISA, CISM, CISSP, Security+, or similar) required
- Remote workforce primarily (U.S. based only, some travel may be required for certain positions)
- 100% employer-paid medical and dental premiums with generous employer family contributions
- 11 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
Vacancy expired!