Qualifications:

· 3+ years of vendor risk management/information security experience or related fields such as audit, IT security, or business continuity, however, other IT disciplines are eligible.
· Experience in vendor management, procurement, or contract management is valuable. Understanding the vendor lifecycle, contract negotiation, and vendor evaluation processes is important for assessing and managing vendor risks.
· Familiarity with relevant regulations, industry standards, and compliance frameworks is crucial. This may include understanding regulations such as GDPR, HIPAA, PCI DSS, or industry-specific requirements.
· Understanding common security controls, vulnerabilities, and threats helps in identifying potential risks.
· Familiarity with vendor risk management tools, risk assessment software, and data analysis tools can be beneficial in streamlining processes and analyzing vendor risk data.
· Experience in a regulated (financial, pharmaceutical, health care, etc.) industry is highly desired.
· One or more of the following certifications is highly preferred: CRISC, CISM, CISA, and CISSP.