Job Description Title Sr. Analyst ndash Third Party Risk Management Location Menlo Park, CA Ekman Associates, Inc. is a Southern California based company focused on the following services Management Consulting, Professional Staffing Solutions and Executive Recruiting. Summary The Sr. Analyst, Third Party Risk Management role is responsible for supporting the Third Party Risk Management program by conducting domestic and global third party risk assessments. Daily activities will include coordinating intake of new vendors and new engagements, vendor security reviews, interacting with internal and external stakeholders, reporting on assessment outcomes and tracking remediation efforts. Key Qualifications Understand, document and test IT risk and controls Strong Cybersecurity and Privacy knowledge Understanding of vendor risk and data analysis Lead and define risk assessment process Strong Understanding of business and technical requirements for GRC tool Responsibilities Develop and conduct Risk Assessments. Follow-up with business as needed for clarification on the risk tier Apply methodology to determine risk tier Review business and technical assessments questionnaires and evidence. Schedule and conduct review calls with vendors ensure and track questionnaires sent to vendors, track and report on abandoned vendors, receive and review questionnaires responses and evidence, hold review calls, finalize report Coordinate other due diligence that need to be done in addition to security questionnaire when needed Develop corrective action plans and monitor third party remediation efforts Document and communicate findings and observations to internal and external stakeholders Track open issues and related remediation execution (programmatic) Utilize a GRC tool as the central repository for risk and control information. Collaborate with internal stakeholders to develop continued program process improvements Report on assessment outcomes, risk levels, and remediation progress Continuously raise awareness on the program through training, info-sessions and interactions with business stakeholders, security teams, legal, etc. Qualifications Bachelorrsquos degree with a major in business or management information system or relevant experience In depth knowledge of Third Party Risk Management Performing IT risk assessments against OWASP, PCI, GLBA, NIST, ISO, SIGAUP or other standards Collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources to analyze findings in the context of the overall third party risk. Demonstrated ability to prepare management level reporting and effectively communicate observations across all levels of the organization Strong knowledge base in information security, risk management, privacy, operations, enterprise networking, systems evaluation, and architecture Demonstrated experience in the areas of risks and controls across various IT platforms Strong analytic skills for problem analysis and resolution Advanced MS-Office skills including Excel and PowerPoint Ability to communicate complex technology risk assessment information to non-technical business stakeholders to ensure they comprehend the risk being assigned to them Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact Deep understanding and knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc. This individual requires strong written, verbal communication and organizational skills as they will be working on multiple projects with technology stakeholders across the organization Preferred certifications CISSP, CISA, CIPP, CRISC, CEH, andor CISM Self-starter who can function independently with limited direction Experience in managing Third Party Risk with a large volume of vendors globally Experience in the development, implementation, andor maintenance of a global enterprise IT and security risk and control framework Ability to understand the ldquobig picturerdquo by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise priorities Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements Experience creating a risk-aware culture Experience with IT GRC platforms, including the ability to drive maturity and enhancements to the platform, tools, and methodologies Qualified Candidates Only If you wish to learn more about this opportunity and additional qualificationsresponsibilities, please submit your resume. To learn more about Ekman Associates, Inc. please visit our website at www.ekmanassociates.com httpwww.ekmanassociates.com .