Vendor Risk Analyst Resume Sample
Work Experience
- Technical expertise to review a vendor’s controls and document in business terms the risk, and recommendation to address the vendor’s control deficiencies
- Train/educate internal business sponsors on VRM policy, expectations, and risk management best practices and promote risk awareness opportunities to enable business lines to effectively interact with Vendor Risk Management
- Lead the identification, evaluation, and documentation of risks and controls associated with new and existing vendor engagements on an enterprise-wide basis and ensure appropriate processes have been followed prior to agreement/contract signature
- Work closely with business lines to facilitate collection of vendor security and compliance documentation
- Monitor and measure vendor risk metrics as well as strategic alignment opportunities
- Prepare and analyze ad-hoc and regular risk updates for management
- Schedule and assist business sponsors with annual residual risk reviews of high-risk vendors
- Manage and maintain the Vendor Management repository with up to date vendor information including but not limited to due diligence documentation, contracts, vendor policies and procedures
- Track progress and report status of issues that have been escalated to Vendor Risk Management
- Oversee the development of risk programs to achieve desired risk tolerance levels
- Collaborate with key stakeholders to improve efficiency and refine vendor assessment process
- Research best practices and stay abreast of key internal controls, security, and IT regulations such as SOX, HIPAA, PCI-DSS, COSO, COBIT, GDPR and other regulatory guidelines
- Lead key cross-functional projects designed to assess and improve control environment or ensure compliance with existing or new regulations
- Define functional and technical requirements to develop enterprise tools to support the VRM program
- Provides coordination support to ensure that vendor management activities are processed appropriately in Magellan's governance risk and compliance system
- Collaborates with the Strategic Sourcing Team to create and revise systems and procedures by analyzing practices, reporting requirements, and archiving guidelines
- Collaborates with Contract Managers, Sourcing Managers and Buyers in the review and preparation of support documents Vendor due diligence reviews
- Validates incoming supplier engagements, working with business partners to ensure data is complete and accurate and inherent risks are identified
- Drives remediation activities from identification, plans preparation and closure. Holds owners accountable to delivery of remediation solution within the agreed upon/reasonable SLA
- Acts as 3rd party risk management “ambassador” to both internal and external customers. Provides guidance and leadership to other risk management team members
- Coordinates execution of approved documents, updates status in system and assists with the distribution of documents, both internally and externally
- Administers the Supplier Risk Management process in the selected GRC Tool used to evaluate suppliers throughout the relationship lifecycle
- Assists in the design and ongoing improvement of the Vendor Risk Management process – including testing, trouble shooting and user training in GRC Tool
- Provides assistance to users in all matters relating to the operation of the Vendor Risk Management process and the navigation of the GCR Tool
- Identifies and implements opportunities for process improvements and further automation
- Performs initial and annual vendor financial strength evaluation
Education
Professional Skills
- Proven experience in developing and managing processes and procedures while continuously seeking to make relevant and practical improvements to each
- Strong aptitude for multi-tasking, project management and being able to determine appropriate prioritization of projects
- Understanding and experience with GRC toolkits such as Archer and MetricStream
- Experience forming complex SQL queries, analyzing large datasets, and answering business and security questions through insights in data
- Experience in setting up workflows in GRC tooling
- Strong understanding of business process analysis and supporting technologies in the vendor risk area
- Experience in related vendor oversight field; overall performance, monitoring service levels
How to write Vendor Risk Analyst Resume
Vendor Risk Analyst role is responsible for software, finance, training, database, procurement, auditing, purchasing, security, architecture, reporting.
To write great resume for vendor risk analyst job, your resume must include:
- Your contact information
- Work experience
- Education
- Skill listing
Contact Information For Vendor Risk Analyst Resume
The section contact information is important in your vendor risk analyst resume. The recruiter has to be able to contact you ASAP if they like to offer you the job. This is why you need to provide your:
- First and last name
- Telephone number
Work Experience in Your Vendor Risk Analyst Resume
The section work experience is an essential part of your vendor risk analyst resume. It’s the one thing the recruiter really cares about and pays the most attention to.
This section, however, is not just a list of your previous vendor risk analyst responsibilities. It's meant to present you as a wholesome candidate by showcasing your relevant accomplishments and should be tailored specifically to the particular vendor risk analyst position you're applying to.
The work experience section should be the detailed summary of your latest 3 or 4 positions.
Representative Vendor Risk Analyst resume experience can include:
- Very strong business writing and verbal communication (and presentation) skills; in both Spanish and English
- Strong commercial analytical skills
- Strong working knowledge of IT Security Operations experience working with networks, applications, systems, or datacenters
- Strong negotiation and conflict resolution abilities
- Establish strong relationships with business unit stakeholders (EO’s and others) and become their trusted advisor
- Ensure accurate vendor risk ratings are completed, validated and all required vendor artifacts and documentation is collected appropriately
Education on a Vendor Risk Analyst Resume
Make sure to make education a priority on your vendor risk analyst resume. If you’ve been working for a few years and have a few solid positions to show, put your education after your vendor risk analyst experience. For example, if you have a Ph.D in Neuroscience and a Master's in the same sphere, just list your Ph.D. Besides the doctorate, Master’s degrees go next, followed by Bachelor’s and finally, Associate’s degree.
Additional details to include:
- School you graduated from
- Major/ minor
- Year of graduation
- Location of school
These are the four additional pieces of information you should mention when listing your education on your resume.
Professional Skills in Vendor Risk Analyst Resume
When listing skills on your vendor risk analyst resume, remember always to be honest about your level of ability. Include the Skills section after experience.
Present the most important skills in your resume, there's a list of typical vendor risk analyst skills:
- Excellent communication and problem-solving/trouble-shooting skills
- Excellent organizational and time management skills, with the ability to perform with general direction
- Proven experience working on Information Security teams or conducting Information Security consulting engagements
- Good understanding of compliance schemes concerning PCI, SOx, ISO27000 and GDPR
- Adaptable - Adjusts to multiple demands, shifting priorities, ambiguity, and rapid change. Accepts and adapts to new or alternative approaches
- Experience in IT audit; IT compliance; IT security or vendor assessment activities
List of Typical Experience For a Vendor Risk Analyst Resume
Experience For Senior Vendor Risk Analyst Resume
- Understanding of Vendor Performance Management
- Work according to regulatory requirements
- Performs special tasks and assignments as required by management
- Knowledge of Risk Management concepts and methodologies
- Work with procurement technology and processes
- Monitor compliance with policy, procedures, and processes
Experience For Vendor Risk Assessment Analyst Resume
- Contract Management- ability to resolve contract related issues
- Develop and manage vendor relationships
- Understand and abide by business ethical standards
- Confident presence - Viewed as an authority
- Assist with the execution of enterprise third-party vendor risk reviews to ensure that Wintrust has the proper oversight over its new and existing vendor relationships
Experience For Information Security Senior Vendor Risk Analyst Resume
- Assist in the maintenance, monitoring and reporting of enterprise third-party vendor risk management metrics and KRIs for inclusion in enterprise risk management reporting as well as for line of business reporting as appropriate
- Assist in the maintenance of a third-party vendor risk management governance committee to provide oversight to the Wintrust Board of Directors
- Participation in the Risk and Control Self-Assessment (RCSA) process and maintenance of the risk and control library for enterprise third-party vendor risk management
- Remain up to date on regulatory guidance and practices related to third-party management and keep abreast of current trends/industry events
- Assist in coordinating with senior management within the 1st line businesses in reviewing overall operations, developing, and conducting risk assessments, and advising on risk framework, risk oversight, and risk management policy questions as they relate to enterprise third-party vendor risk management
- Establish relationships with stakeholders to ensure effective communication channels exist to identify business requirements and to align risk management strategies and options with business strategies
Experience For Senior Vendor Risk & Compliance Analyst Resume
- Actively participate in the formulation and implementation of risk mitigating actions with EO’s, vendors and other stakeholders from supporting functions (Legal, TMD, Our People, Compliance, FORM, etc)
- Work closely with Legal and SS&P’s Contract Administration group to ensure vendor risks are appropriately addressed in contract templates and particular contracts
- Provide suggestions, create efficiencies and identify continuous improvement opportunities to improve the vendor risk management process
- Serve as key contact for business stakeholders related to risk management
List of Typical Skills For a Vendor Risk Analyst Resume
Skills For Senior Vendor Risk Analyst Resume
- Good communication skills in order to bring people together when issues need to be solved
- Experience in Business and/or Operational Risk Management
- Experience in Vendor Risk Management in the area of outsourced IT services, cloud tools, software
- Experience in audit and compliance
- Understanding of processes for risk ranking and assessing vendors across diverse industries and against a broad range of security requirements
- Reporting on monitored suppliers, and identification of any abhorrent behavior
Skills For Vendor Risk Assessment Analyst Resume
- Executing processes designed to identify and mitigate vendor risk in the Voya environment to include
- Working understanding of the vendors setup rules, supplier sourcing functionality, and the associated affects on purchasing execution process and systems
- Able to make use of assurance reporting, eg. SOC, and other compliance reporting
- Conduct due diligence around ongoing monitoring and maintain governance tools and processes
- Legal knowledge in order to have proper understanding of contracts with vendors
- Coordinate with stakeholders to initiate, scope and plan assessments of existing or new vendor engagements
Skills For Information Security Senior Vendor Risk Analyst Resume
- Strategist – applies innovative approaches to driving high value
- Lead problem solving activities
- Familiarity with forecasting, negotiations, and contract management
- Successful risk management requires dynamic individuals who are able to liaise with business and technology stakeholders and foster collaboration, integrate perspectives and drive to business beneficial outcomes
- Demonstrated ability to work cross-functionally (internally) and/or with outside professionals
Skills For Senior Vendor Risk & Compliance Analyst Resume
- Support the Technical Assessment Group’s goal to conduct detailed security and privacy assessments of vendors going through the Company’s Vendor Assessment Program
- Relevant work experience as an SME in Technology Risk Assessments
- Detail oriented with ability to handle multiple priorities
- Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines
- Three to five years’ work experience in an Auditing role with solid corporate risk, procurement, quality, and/or process management experience, including at least two years’ experience with supplier risk monitoring
- Travel both domestically and internationally to support projects (if required – less than 25% projected); with frequent extended hours during peak work times
Skills For Vendor Risk & Compliance Analyst Resume
- Help demonstrate Facebook’s commitment to security to external stakeholders
- Travel to support projects (less than 25% travel is projected)
- Experience assisting financial institutions with risk management/third-party management oversight programs or “Big Four” Financial Services consulting experience executing third-party management vendor reviews for mid-size or large institutions
- Support compliance processes, by helping maintain our Booking.com control framework to manage risk, and supporting compliance monitoring
- Identify potential areas of vendor risk for Booking.com, by performing risk assessments at process, application, and system level
- Recommend risk-mitigating actions, provide general and technical guidance on how to prevent, or deal with, similar situations in the future and define controls to mitigate these risks
Skills For Senior Vendor Risk & Relationship Analyst Resume
- Assess documentation to validate vendor implementations and information security controls
- Assist 3rd party service owners to understand risks within their domain and assist in providing the best solutions to mitigate such risks
- Perform information security assessments on vendor solutions
- Perform remote and table-top assessments
- Perform Information Security assessments at vendor locations where required
- Produce analysis of threat analysis and identified gaps
- Communicate vendor information security issues to stakeholders
- Escalate vendor issues as required
Skills For Senior Analyst, Vendor Risk Assessment Resume
- Deep experience in Information Security vendor and risk management with strong preference given to individuals who have completed vendor security risk reviews and technical risk assessments
- Experience with developing security reporting that is meaningful and actionable for a variety of audiences including peers, internal stakeholders, management, and external third parties
- Knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, physical security, etc
- Conduct third party risk assessments aligned with ISO and NIST standards
- Competent designer of mixed-technology solutions
- Perform in a fast-paced multidisciplinary environment
Skills For Senior Onsite Vendor Risk Analyst Resume
- Coordinate and perform vendor reviews to comply with LoanCare’s vendor performance management program
- Directly responsibility for oversight compliance with Trustmark’s requirement for periodic review of the financial condition of service providers and other technology vendors
- Demonstrated ability to work cross-functionally (internally across Business Units) and/or with outside professionals
- Execution of initial vetting requirements, categorization criteria, controls and ongoing monitoring
- Assist in the development of risk classification, scoring, and approval criteria to ensure appropriate classifications of high risk vendors and the appropriate level of monitoring
- Ensure that controls are in place, focused on due diligence such as requiring data points for initial assessment and vendor adoption approval criteria and defining/implementing mandatory contractual terms for risk mitigation and penalties for breech
- Ensure proper controls and governance tools are intact monitor spend levels, purchasing patterns, appropriateness of goods/services procured and compliance to policies
- Participate in the development of analytics tools to help monitor and identify risk
Skills For Vendor & Information Security Risk Analyst Resume
- Work with Procurement, Accounts Payable and Audit teams to conduct investigations where necessary
- Innovative and Resourceful - Draws from a large pool of diverse resources or information
- Creative - Develops new approaches for situations in which standard approaches do not apply
- Coordinate with Commodity Managers for net new services to ensure proper risk assessment completion and update legacy services based on their risk profile
- Ensure all new vendor engagements that involve the vendor handling, processing, storing, or accessing sensitive information are reviewed to provide assurance the vendor has appropriate controls in place to protect Voya™ information prior to the business signing a contract
- Validate and confirm the need for other parties within Popular to participate in the risk assessment and due diligence process
Skills For Contingent Vendor Risk Analyst Resume
- Perform periodic reviews of all existing active vendor engagements
- Recommend systems and process enhancements to reduce processing times and improve accuracy
- Maintain a vendor repository for all vendor engagements that handle, process, store, or access sensitive information
- Lead the execution of Popular Vendors’ Risk Assessment Program
- Evaluate initial engagement risk assessment for both quality and content and provide assistance as needed to ensure risks are adequately analyzed
- Work closely with Vendor Relationship Officers and Engagement Owners to monitor vendor compliance with risk program and risk management activities
- Serve as main liaison between the Engagement Owners/Business Units and the appropriate parties performing due diligence in the risk management process to ensure the timely execution of the process
- Provide subject matter expertise related to vendor risk assessment to the Engagement Owners and their business units
- Manage engagement risk assessment scoring process and ensure consistency in its application. Work closely with FORM to ensure the scoring process appropriately considers risks and that scores reflect their potential gravity and magnitude