Senior Security Risk Management Analyst - Contract

TalentBurst, Inc.

Palo Alto, CA

JOB DETAILS
SKILLS
Atlassian JIRA, Best Practices, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Communication Skills, Computer Science, Contract Analysis, Contract Review, Cross-Functional, Database Administration, Detail Oriented, ISO (International Organization for Standardization), Industry Standards, Information/Data Security (InfoSec), Internet Security, Knowledge Transfer, Leadership, Legal, PCI-DSS, People Management, Purchasing/Procurement, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Security Analysis, Security Monitoring, Team Player, Time Management, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Management
LOCATION
Palo Alto, CA
POSTED
2 days ago

Senior Security Risk Management Analyst
Location : Palo Alto, CA 94304
Duration : 6 Months


Description:
Client is seeking an experienced professional to join our Third-Party/ Vendor Risk Assessment team. This team focuses on analyzing and managing risks associated with our vendors, service providers, and other third parties, ensuring our organization upholds the highest standards of compliance, security, and business resilience. While your primary responsibility will be Third-Party Risk Management, you will also collaborate on other cybersecurity risk management initiatives. Building strong cross-functional relationships across the company is a key component of this role. To excel, you must showcase exceptional leadership, communication, and decision-making skills, and have a proven track record in managing third-party risk, vendor governance, or related domains.

Responsibilities:

  • Lead and conduct comprehensive risk assessments of new and existing third-party vendors and service providers, focusing on cybersecurity and regulatory compliance.
  • Evaluate third-party security questionnaires, audit reports (e.g., SOC 2, ISO 27001), and risk documentation.
  • Coordinate with vendors to request and verify security controls, remediation plans, and ongoing compliance.
  • Oversee facilitation of risk remediation efforts agreed upon with suppliers, ensuring timely resolution.
  • Collaborate during supplier contract development, reviewing deviations from security requirements and offering subject matter expertise on risk remediation.
  • Classify vendors according to risk tiers and maintain a comprehensive database of vendor risk profiles.
  • Participate in continuous security monitoring of existing suppliers to track changing risk profiles.
  • Partner with Procurement, Legal, Privacy, and InfoSec teams to improve supplier security management processes.
  • Identify opportunities to automate parts of the assessment process, thereby reducing manual work and enhancing efficiency.
  • Keep abreast of emerging risks, industry standards, and regulatory requirements affecting third-party vendors.
  • Contribute to broader cybersecurity risk management initiatives, including identifying, assessing, and tracking information security risks beyond the third-party domain.
  • Provide guidance and knowledge transfer to team members, supporting a collaborative team environment.

Preferred Qualifications:

  • Bachelor's degree in Computer Science, Information Security, Cybersecurity, Risk Management, or a related field.
  • 6-8 years of professional experience in third-party risk assessment within cybersecurity or information risk management.
  • Understanding of relevant information security frameworks, including related regulatory compliance requirements, such as ISO 27001/27002 (including ISO 27017 and ISO 27018), FedRAMP, SOC 2 Trust Services Criteria, PCI DSS, and NIST CSF.
  • Solid understanding of risk assessment methodologies and best practices.
  • Ability to synthesize and communicate complex risk findings to both technical and non-technical audiences.
  • Detail-oriented, process-driven, and capable of managing multiple vendor assessments concurrently.
  • Experience with tools such as Coupa, OneTrust, JIRA and Coverbase is a plus.
  • Professional certifications in Information Security or Risk Management (e.g. CISA, CISM, CISSP, CRISC) are a plus.


About the Company

TalentBurst, Inc.

For over 20 years, TalentBurst Inc. has been an award-winning provider of cutting-edge Workforce Management Solutions. With a strong commitment to staying ahead in the tech landscape, we pioneer innovative approaches to talent acquisition. Our expertise spans Life Sciences and Healthcare Staffing, Banking, Financial, IT, and Engineering, as well as Global Employer of Record (EOR), Agent of Record (AOR), State, Local Government and Education (SLED), and IC validation/compliance services. Additionally, our division, TalentProcure, leads the industry with offerings such as High Hazard Payroll, Managed Services, and Vendor on Premise (VOP) solutions.

Due to our prioritization of excellent standards, we are Joint Commission Certified and are a certified Minority Business Enterprise (MBE) in the USA and Canada. Supporting over 130 Fortune 500 companies globally, we excel in navigating the landscape of talent acquisition. In a world of constant change, we embrace developing people-centric solutions that address the unique demands of our clients. Stay connected by visiting our website and following us on social media!


COMPANY SIZE
5,000 to 9,999 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
2002
WEBSITE
http://www.talentburst.com/