PDS Tech Inc Vendor Risk Manager in Menlo Park, California
PDS Tech is seeking an experienced Vendor Risk Manager for a great technology client in Menlo Park, CA for a 9-month contract.
If interested, please send your resume to Amy Bush at firstname.lastname@example.org or call 214-296-2450.
About the Role:
Anticipate, identify, monitor, and mitigate risks associated with third-party technology providers.
Complete routine compliance assessments and analysis of vendor information security practices and governance, legal, and industry compliance.
Compile data and complete documentation related to vendor risk, and ensure that issues that arise are appropriately captured, assessed, and mitigated to acceptable levels.
Develop, coordinate, and implement vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model.
Coordinate the identification and ranking of vendor risks.
Coordinate the classification and tiering of vendors by risks and risk impacts.
Build communication and escalation plans around vendor risk management activities within the enterprise.
Understand and apply relevant regulatory and legal compliance requirements (under direct supervision of the Legal team partner).
Develop, monitor and possibly execute vendor remediation actions and mitigation plans when risks or events are identified.
Ensure third- (and, increasingly, fourth-) party vendor regulatory compliance.
Track identified risks and risk events.
Influence vendors and business partners to ensure compliance with risk management policies.
Collaborate as appropriate with information security, compliance and/or disaster recovery and business continuity management to maintain an enterprise risk management program.
Communicate identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and addressing of these issues.
3 to 5 years of hands-on experience in vendor risk management and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation and remediation of risk
Technical background or demonstrable understanding of a range of operational and IT risks and operations
Strong business background; experience gathering and interpreting risks and associated impacts in context of financial and operational concerns
Strong understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits
Familiarity with local/regional/global industry and government regulations:
Sarbanes-Oxley Act (SOX)
Payment Card Industry Security (PCI) Standards
Health Insurance Portability and Accountability Act (HIPAA)
Bachelor’s Degree required.
MBA or other advanced degree is desirable.
Certifications & Licenses:
CISA – Certified Information Systems Auditor
CISSP – Certified Information Systems Security Professional
CRMA – Certification in Risk Management Assurance
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.