Security Analyst/ IT Auditor

Job Overview And Responsibility

● Working Time: Monday - Friday, 8:00 AM - 5:30 PM (Flexible depending on each project) ● About the project: We have a US client and they are seeking a Cybersecurity Analyst/IT auditor with a focus on vendor risk management to join our team. In this role, you will be responsible for assessing the security posture of third- party vendors to protect our organization/customers. You will work across a multi-tiered assessment program, using your analytical and communication skills to identify and document potential risks. Vendor Risk Assessment: - Conduct tiered assessments of vendors, ranging from a basic analysis to more complex evaluations (most of the focus will be on Tier 3 and Tier 2) - see below: • Analyze vendor reports and publicly available information to identify security red flags and potential vulnerabilities. • Review vendor-provided documentation, including Privacy Impact Assessments. Documentation and Reporting: - Summarize assessment findings and create comprehensive risk summaries in the customer-approved format(s). - Ensure all documentation is accurate, well-structured, and free of grammatical or spelling errors. - Maintain effective written communication with internal teams. Vendor communication will be handled by the customer. Customer will interact with the Vendor(s): - Distribute and collect required documents, methodologies, and other materials to the customer so that the customer can communicate with vendors for assessment purposes. Compliance and Security Oversight: - Adhere strictly to Customer’s security protocols, ensuring no data is extracted or exfiltrated without explicit approval. - Identify and report on inappropriate security activities within other customer business units.