Job Specifications
Key Responsibilities
Perform third-party/vendor security assessments, including review of security documentation such as ISO 27001 certifications, SOC 1 and SOC 2 reports, and other relevant attestations.
Evaluate vendor risk based on responses to security questionnaires and evidence of controls.
Use BitSight tools to review and continuously monitor vendors’ cybersecurity posture and identify emerging risks.
Maintain and update the vendor risk management system, ensuring accurate documentation of assessments, remediation actions, and risk ratings.
Collaborate with Information Security and Procurement teams to ensure that risk findings are communicated and addressed.
Assist in developing and refining third-party risk management procedures, policies, and reporting.
Track remediation efforts and follow up with vendors on open findings or improvement actions.
Support due diligence efforts for new vendor engagements and periodic reviews of existing relationships.
Stay current on evolving cybersecurity threats, regulatory expectations, and third-party risk management best practices.
Qualifications
Bachelor’s degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience).
2+ years of experience in vendor risk management, information security, or IT audit.
Familiarity with security and privacy frameworks, including ISO 27001, NIST CSF, and SOC 2 Trust Service Criteria.
Experience using BitSight, SecurityScorecard, or other vendor risk rating platforms.
Strong analytical and communication skills with the ability to present findings clearly to technical and non-technical stakeholders.
Detail-oriented, with strong organizational and documentation skills.
Experience working in a law firm, financial services, or other regulated environment preferred.
Preferred Skills
Understanding of data privacy regulations (e.g., GDPR, CCPA, HIPAA).
Experience with vendor management systems (e.g., Archer, OneTrust, ProcessUnity).
Relevant certifications such as CISA, CRISC, CISSP, or CTPRP are a plus.
About the Company
Galent is an AI-native digital engineering firm at the forefront of the AI revolution, dedicated to delivering unified, enterprise-ready AI solutions that transform businesses and industries. Our mission is to empower organizations to thrive in an ever-evolving digital landscape through cutting-edge AI-native services, consulting, and digital engineering.
As enterprises face the complexities of integrating advanced technologies, Galent provides scalable, AI-enabled solutions that optimize processes, enhance productivity, an...