Embedded Security Software Architect developing secure cryptographic libraries for embedded applications at NXP Semiconductors. Collaborating with engineering teams to ensure high quality and integration.
QC
Hybrid Senior Analyst, Information Security – IT Vendor Risk Management
Posted 4 months ago
About the role
- Senior Analyst in Information Security & IT Vendor Risk Management ensuring security compliance across vendor ecosystem. Handling risk assessments and coordinating cyber incident responses at QTS.
Responsibilities
- Own and administer the TPRM/Vendor Risk Management (VRM) platform used for vendor onboarding, due diligence, periodic assessments, issue management, ongoing monitoring, and off-boarding
- Lead security-focused risk assessments of IT and cloud vendors, analyzing controls for infrastructure, applications, privacy, and business continuity
- Support third-party incidents and breach remediation by coordinating with vendors and internal stakeholders to identify & validate impact, document response, and track corrective actions
- Monitor vendor performance and control effectiveness against recognized security frameworks (NIST, ISO 27001, SOC 2, HITRUST, CMMC, PCI DSS) and regulatory requirements (GDPR, HIPAA, etc.)
- Create and maintain the risk register, vendor inventory and issue tracking with accurate, up-to-date information within the VRM platform
- Provide executive reporting on vendor risk posture, program metrics, incident & remediation status
- Partner with stakeholders to update standards, procedures, and controls, maturing the TPRM program to meet evolving cyber and regulatory requirements
- Liaise with internal and external auditors to manage IT security and compliance reviews tied to vendor controls
- Deliver training and awareness to stakeholders to strengthen risk management culture across business functions
- Stay updated on the latest security trends and threat intelligence
Requirements
- Bachelor’s degree required
- Minimum of 5 years of experience in IT security risk management, third-party/vendor risk management, or related fields
- Previous vendor management experience required
- Understanding of security risks across IT operations, including application development, cloud infrastructure, and disaster recovery
- Proficient in applying security and compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HITRUST, GDPR, CMMC, and HIPAA
- Experience managing or administering vendor risk management (VRM/TPRM) or governance, risk, and compliance (GRC) platforms
- Skilled in evaluating SOC 2 reports, penetration test results, security questionnaires, and vendor security documentation
- Proven ability to assess risk and identify vulnerabilities through detailed risk reviews
- Demonstrated experience supporting third-party cyber incidents and breach response efforts
Benefits
- Employer Paid Benefits
- 401K with Employer Match
- QRest Sabbatical
- Employee Stock Purchase
- QTS scholarship for dependents
- Eagle Club award trip eligibility
- Paid volunteer days
- Tuition assistance
- Parental leave and military leave assistance
- Total Rewards medical, dental, vision, life, and disability insurance
- 401(k) retirement plan
- Flexible spending and HSA accounts
- Paid holidays
- Paid time off
- Employee assistance program
- Wellness program
- Other company benefits
- Bonus eligible
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Coordinate security governance tasks at Vivo to strengthen compliance and risk management. Focus on incident management and develop security maturity within the organization.
Safety Technician at TIM responsible for compliance with health and safety regulations and conducting inspections, training, and audits. Focused on workplace safety and managing emergency processes in Brazil.
Security Administrator providing personnel security and access control support for an Intelligence Community customer. Ensuring compliance with security regulations and managing security records in a fast - paced environment.
Industrial Security Senior Manager overseeing a team at Boeing to implement security policies and mitigate risks. Responsible for compliance, training, and liaising with security representatives.
Director of Engineering, Security in charge of Nexxen's security program and governance. Leading secure practices and collaborating with executives to ensure risk reduction and compliance.
Health and Safety Manager designing and implementing safety measures in occupational health. Collaborating with organizational areas to manage risk factors and ensure workplace safety.
Lead Security Engineer at US Mobile building systems for the 21st century with a focus on fraud prevention and security integration across SDLC.
Business Development Representative at xorlab driving proactive lead generation in cybersecurity market. Collaborating closely with sales and marketing team to optimize lead development processes.
Cyber Security Architect responsible for IT security compliance and cyber - risk management at a Swiss utility firm. Engaging with cross - functional teams to implement 'Secure - by - design' strategies.