Job D5354 Description
SOFT's client located in Richmond, VA (hybrid/remote) is looking for a Third Party Risk Analyst for a long-term contract assignment.

Responsibilities:
• Support key program objectives to ensure critical 2024 goals are accomplished in alignment with organizational expectations.
• Provide advisory services to evaluate, recommend, design, and implement third-party risk management solutions and process improvements. Collaborate with internal teams to drive vendor due diligence activities, inclusive of identifying and assessing risks and mitigating controls.
• Develop knowledge of vendor services and obligations provided by vendors and business owners' reliance upon those services. Use knowledge to identify requirements, develop, monitor, and support the execution of third-party remediation actions and mitigation and contingency plans, as warranted, when risks or risk events are identified.
• Conduct risk assessments and develop mitigation plans; work closely with vendor managers and business stakeholders on the finalization of mitigation plans and execution against continuous monitoring and control plans.
• Assess the effectiveness of control and mitigation plans, advising stakeholders on any required control enhancements for third-party risks.
• Review and interpret results of vendor audit reports and attestations (such as SOC2 reports); identify deficiencies and areas for remediation; advise appropriate stakeholders on findings; incorporate into overall vendor risk assessment and mitigation plans.
• Review data and assist in advising stakeholders and others on best practices and how to implement the necessary changes to address third-party risks.
• Build communication and escalation plans related to third-party risk management activities.
• Provide strategic support to business owners, stakeholders, and leaders.
• Assist with process improvement and discussions related to third-party risk management solutions.

Qualifications:
• Bachelor's Degree or equivalent experience.
• 3 to 5+ years of experience in managing risk and compliance issues, or similar experience managing applications, projects, or systems that require identification, evaluation, and remediation of risk.
• Enhanced knowledge pertaining to concepts and principles related to third-party risk management.
• Experience with compliance and security audits, and risk mitigation plans. Experience developing and completing vendor risk assessments for enterprise-level vendor relationships. Understanding of various risk and security certifications and attestations (SOC2, ISO 27001, etc.). Familiarity with third-party risk and governance concepts.
• Proficient understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits.
• Ability to tailor communications to their appropriate audience and present information in a credible, confident, and influential manner. Communicate in a concise, direct and purposeful way.