Vendor Risk Analyst

Job Description

Job Summary

The Vendor Risk Analyst reports directly to the Manager Information Security, India, who is part of the corporate information security team in the IT department. The IT department is part of the Global Corporate Services (GCS) group that provides centralized services to Milliman practices globally.

• Support the implementation of a Standardised and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements.
• Provide guidance to internal stakeholders to ensure requirements of VRM are fully understood.
• On-board existing and new High/Medium Risk vendors into the Vendor Management System
• Initiate and manage vendor communications related to due diligence questionnaires and other document requests
• Collect and analyze data received from vendors
• Maintain an up-to-date vendor inventory within the Vendor Risk Management system.
• Work with business owners, internal stakeholders, and vendors to ensure documentation is up-to-date throughout the vendor lifecycle.
• Prepare risk assessment reports for vendors identified as High/Medium risk.
• Update existing reports on a periodic basis.
• Proactively monitor risk incidents, remediation resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoring
• Escalate risk issues to the appropriate individuals, as needed.
• Communicate risk-related issues and resolution management with specific vendors.
• Develop and maintain metrics reports/dashboard related to vendor groups.
• Work with internal teams to analyze and resolve potential issues.
• Evaluate vendor performance against service level agreements
• Provide documentation for external audit requests
• Assist with vendor off-boarding, as needed
• Perform any other job related assignments, as requested, with reasonable accommodation.

Qualifications

Required:

• Bachelors degree in IT/ Computer Science
• Minimum 5 years related work experience in vendor management, vendor risk management, and/or strategic sourcing and procurement required
• Expertise in reviewing SOC reports and ISO certification
• Preferred practical knowledge of risk management software/applications (e.g., OneTrust)
• Preferred One Trust Certified Professional/ Expert
• Working knowledge of service level agreements and/or contractual requirements
• Ability to interpret information security data and processes to identify potential compliance and/or issues
• Excellent verbal and written communication skills including the ability to prepare documentation, policies and build consensus across a broad group
• Proficiency with Microsoft Office productivity applications (Word, Excel, PowerPoint, Visio)
• Knowledge of information security principles, frameworks and best practices.