CISSP Jobs - Sr. Analyst - Third Party Risk Management, 15674

at Ekman Associates
Location Menlo Park, CA
Date Posted March 17, 2020
Category Default
Job Type Full-time


Ekman Associates, Inc. is a Southern California based company focused on the following services: Management Consulting, Professional Staffing Solutions and Executive Recruiting.


The Sr. Analyst, Third Party Risk Management role is responsible for supporting the Third Party Risk Management program by conducting domestic and global third party risk assessments. Daily activities will include coordinating intake of new vendors and new engagements, vendor security reviews, interacting with internal and external stakeholders, reporting on assessment outcomes and tracking remediation efforts.

Key Skills:

  • Strong Analytical Skills
  • Experience and knowledge with Cobit and ISO frameworks
  • Proficient in IT Controls


  • Develop and conduct Risk Assessments
  • Follow-up with business as needed for clarification on the risk tier
  • Apply methodology to determine risk tier
  • Review business and technical assessments questionnaires and evidence. Schedule and conduct review calls with vendors: ensure and track questionnaires sent to vendors, track and report on abandoned vendors, receive and review questionnaires responses and evidence, hold review calls, finalize report
  • Coordinate other due diligence that need to be done in addition to security questionnaire when needed
  • Develop corrective action plans and monitor third party remediations efforts
  • Document and communicate findings and observations to internal and external stakeholders
  • Track open issues and related remediation execution (programmatic)
  • Utilize a GRC tool as the central repository for risk and control information.
  • Collaborate with internal stakeholders to develop continued program process improvements
  • Report on assessment outcomes, risk levels , and remediation progress
  • Continuously raise awareness on the program through training, info-sessions and interactions with business stakeholders, security teams, legal, etc.

Drop files here browse files ...