Third Party Risk Analyst
CurrentConduct third party security assessments for all new vendors and reassessment for existing vendors. Analyzed vendor evidence such as SOC, Vulnerability Scans and Penetration Test reports to identify gaps. Develop and maintain a comprehensive inventory of third-party vendors and suppliers and track their cybersecurity risk profiles. Monitor third-party vendors and suppliers for changes in their cybersecurity risk profiles and report any concerns to management. Provided guidance and recommendations to internal teams on best practices for managing third-party cybersecurity risks. Assisted in the design, implementation, training, and maintenance of common controls framework for continuous testing and monitoring of all information security controls and activities related to SOC2, PCI-DSS.Collaborate with internal audit teams to review and validate third-party compliance with policies and procedures. Manage relationships with third-party vendors, including ongoing monitoring and assessments of vendor security posture. Communicate effectively with stakeholders to provide updates on vendor risk assessment status, risk mitigation strategies, and compliance with regulatory requirements.