Analyst, Vendor Risk Management
Location: Hybrid In Leeds, UK
The Position
The Analyst, Vendor Risk Management will work with clients to identify client supply chain risk and cybersecurity challenges, advise on best practices in vendor risk management, and ensure successful delivery of BlueVoyant solutions to solve customer problems. The incumbent will consult directly with clients to establish and improve the management of vendor risks, implement third-party cybersecurity risk management programs and support the day-to-day review of and interaction with third party vendors.
Key Responsibilities
1. Participate in third-party risk management consulting engagements as part of BlueVoyant’s Supply Chain Defense business
2. Support Third Party Risk Workshops at BlueVoyant Clients focused on the following topics:Vendor Identification and StratificationVendor On-boarding, Monitoring and RemediationCybersecurity Risk Questionnaire Development
3. Project and program delivery, including project and process management, reporting, engagement in senior leadership meetings, drafting and reviewing materials for senior management and other governance activities
4. Communicate findings and recommendations to client stakeholders, best practices, tools and technology
5. Mature standard operating procedures for customers to optimize utilization of BlueVoyant’s offerings
6. Enable business development in renewal, cross-sell, and up-sell opportunities of BlueVoyant offerings while maintaining client trust
7. Create repeatable processes and frameworks portable across clients and industries to accelerate future Third-Party Risk Cybersecurity Risk Management implementations
8. Travel to Clients as requested
9. German or French as a first or second language preferable but not essential.
Qualifications
10. CISSP or similar preferred.
11. Familiarity with encryption fundamentals and network design required.
12. 1+ years of Third-Party Risk Management consulting (including vendor cybersecurity risk) at a Big 4 consulting firm or vendor risk management company
13. 2+ years leading an enterprise risk management program, including Third-Party Risk, Internal Risk Maturity and Assessment, Risk Consolidation, and Risk Reporting
14. Information security/cybersecurity accreditation and background
15. Experience working in a cybersecurity or technology organization
16. Entrepreneurial nature and drive for results
17. Clear communication and writing skills
18. Ability to conduct deep client discovery to uncover root cause problems and build trusted relationships
19. Ability to design programs and solutions with minimal guidance and oversight