Ingram Micro is looking for some amazing third-party cybersecurity risk analysts. This position will ensure risk is being managed throughout third party life cycle (planning, due diligence, contract, transition, on-going monitoring, and exit).
This position will work closely with business leaders and managers to ensure awareness and understanding of third-party risk program requirements and associated risk within their portfolios.
This position will work with Ingram Micro’s sourcing team to negotiate the security addendum contract with external parties. This position will also perform third-party contract audits on high-risk engagements to ensure third parties are complying with their cybersecurity contract obligations.
The ideal candidate will have a background in contract language, contract management, vendor management, vendor negotiations, risk management, and internal audit.
- Confidence and tact to challenge and negotiate responses to risk assessment questionnaires.
- Confidence and tact to negotiate contract language (related to cybersecurity) with third parties (including attorneys).
- Demonstrate advanced understanding of information security controls related to vendor risk management and related standards
- Identify and evaluate vendor technology risks, controls which mitigate risks, and opportunities for control improvement
- Understand overall vendor risk management processes, perform vendor/third party due diligence review and prepare related reporting
- Ability to prioritize workload and adhere to deadlines
- Independent & self-motivated
- Strong oral and written communication skills
- 4 Year College Degree in a related field (Computer Science, Business Management, Finance, Engineering, Legal, etc.) required
- 3+ years of relevant work experience in the area of information security, internal audit, risk management, paralegal, etc.
- Training from SANS, a CISSP or CISM Certification, PMP Certification, or EnCE Certification