📋 Description
- Lead risk assessments of third-party vendors focusing on cybersecurity and regulatory compliance.
- Evaluate third-party security questionnaires and audit reports (SOC 2, ISO 27001).
- Coordinate with vendors to verify security controls and remediation.
- Oversee risk remediation efforts with suppliers for timely resolution.
- Collaborate with Procurement, Legal, Privacy, and InfoSec to improve supplier security management.
- Identify automation opportunities to reduce manual assessment work.
🎯 Requirements
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Risk Management, or a related field.
- 6-8 years of third-party risk assessment experience within cybersecurity or information risk.
- Familiarity with ISO 27001/27002 (including ISO 27017/27018), FedRAMP, SOC 2, PCI DSS, and NIST CSF.
- Solid grasp of risk assessment methodologies and best practices.
- Able to synthesize and communicate risk findings to technical and non-technical audiences.
- Detail-oriented, process-driven, able to manage multiple vendor assessments concurrently.