PDS Tech Inc Vendor Risk Manager in Menlo Park, California

PDS Tech is seeking an experienced Vendor Risk Manager for a great technology client in Menlo Park, CA for a 9-month contract.

If interested, please send your resume to Amy Bush at abush@pdstech.com or call 214-296-2450.

About the Role:

  • Anticipate, identify, monitor, and mitigate risks associated with third-party technology providers.

  • Complete routine compliance assessment and analysis of vendor information security practices and governance, legal, and industry compliance.

  • Compile data and complete documentation related to vendor risk, and ensure that issues that arise are appropriately captured, assessed, and mitigated to acceptable levels.


  • Develop, coordinate, and implement vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model.

  • Coordinate the identification and ranking of vendor risks.

  • Coordinate the classification and tiering of vendors by risks and risk impacts.

  • Build communication and escalation plans around vendor risk management activities within the enterprise.

  • Understand and apply relevant regulatory and legal compliance requirements (under direct supervision of the Legal team partner).

  • Develop, monitor and possibly execute vendor remediation actions and mitigation plans when risks or events are identified.

  • Ensure third- (and, increasingly, fourth-) party vendor regulatory compliance.

  • Track identified risks and risk events.

  • Influence vendors and business partners to ensure compliance with risk management policies.

  • Collaborate as appropriate with information security, compliance and/or disaster recovery and business continuity management to maintain an enterprise risk management program.

  • Communicate identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and addressing of these issues.

About You:

  • 3 to 5 years of hands-on experience in vendor risk management and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation and remediation of risk

  • Technical background or demonstrable understanding of a range of operational and IT risks and operations

  • Strong business background; experience gathering and interpreting risks and associated impacts in context of financial and operational concerns

  • Strong understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits

  • Familiarity with local/regional/global industry and government regulations:

      • Sarbanes-Oxley Act (SOX)

      • Payment Card Industry Security (PCI) Standards

      • Health Insurance Portability and Accountability Act (HIPAA)

      • FedRAMP


  • Bachelor’s Degree required.

  • MBA or other advanced degree is desirable

Certifications & Licenses:

  1. CISA – Certified Information Systems Auditor

  2. CISSP – Certified Information Systems Security Professional

  3. CRMA – Certification in Risk Management Assurance

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.