Senior Vendor Risk Analyst

Job in Atlanta, Fulton County, Georgia, 30301, USA
Listing for: Fortress Information Security
Full Time position
Listed on 2026-06-03
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 100000 - 130000 USD Yearly
Job Description & How to Apply Below
Senior Vendor Risk Analyst

Location:

Hybrid - Candidates must be based in one of the following areas: Naperville, IL / Birmingham, AL / Atlanta, GA. You will work out of the client site closest to your location three days per week, with an expectation of four days per week later in 2026.

Compensation: $100,000 - $130,000 per year, depending on experience and qualifications.

Employment Type:

Full-Time

Travel:
Less than 15%, occasional travel for industry collaboration or professional development

What you can expect as the Senior Vendor Risk Analyst at Fortress

The Senior Vendor Risk Analyst plays a pivotal role within the Supply Chain Risk Management (SCRM) team, leading third-party vendor risk assessments and shaping how a major energy organization manages supply chain cyber risk. Working directly with vendor relationship owners and cross-functional stakeholders across Legal, Supply Chain, Cybersecurity, and Technology, this role drives continuous improvement of the Third-Party Risk Management (TPRM) program and directly influences leadership-level business decisions.

This position provides meaningful exposure to critical infrastructure protection under NERC CIP standards and offers a mission-driven opportunity to help secure systems that society depends on. This is an ideal role for an experienced risk professional seeking broad organizational influence, visibility, and impact.

This role offers the opportunity to work closely with a major energy sector client in a highly integrated capacity. Based on performance, business needs, and client discretion, there may be future opportunities to transition into direct employment with the client organization.

Job Responsibilities:

* In coordination with the customer's vendor relationship owners, manage assessments of vendors' security controls to identify shortfalls.

* Communicate remediation options to the vendors

* Collaborate with TPRM team members and business partners to complete assessments and determine risk mitigation strategies

* Become an expert of the TPRM platform to identify and direct necessary customizations, enhancements, and record maintenance to a vendor-supported platform that enable relevant reporting and Program maturation

* Develop an appreciation and understanding of various business units while employing your knowledge of security fundamentals to effectively communicate customer risk resulting from assessment findings

* Proactively propose and implement changes to customer Program policy/practice to ensure a risk-informed approach to vendor/supply chain management

* Collaborate across Supply Chain, Legal, Cybersecurity, and the Technology Organizations to create a shared picture of supplier risk

* Support cross-functional teams to investigate, analyze, and make recommendations to leadership or process owners regarding technology solutions, security architecture, or security vulnerabilities

* When appropriate, collaborate across Cyber org to identify compensating controls for significant vendor-specific risks to the company and its customers

* Review vendor-proposed modifications to Master Service Agreements or Application Service Provider Agreements on behalf of customer to identify any unacceptable security risks associated with new language

* Understand, relate, and transform regulatory requirements into information security policy, standards, procedures, and guidelines

* Maintain current knowledge of information security concepts, technologies, and practices

* Other duties as assigned

Required qualifications:

* United States citizenship is required

* 7-10 years' experience in security risk assessment, risk management, compliance or auditing

* Strong knowledge of security control frameworks (e.g., NIST SP 800-53, ISO/IEC 27001:2013)

* Ability to communicate clearly, confidently, and knowledgeably to internal and external stakeholders regarding the Program and assessment results

* Demonstrated history of critical, independent, and creative thinking to enable continuous improvement or business success within the constraints of security imperatives

* Ability to holistically assess the risk of a third-party engagement, considering control gaps, the nature of the vendor relationship, and the way a vendor's products/services are leveraged

* Must have demonstrated history of critical, independent, and creative thinking with high attention to detail; this will enable continuous improvement and ensure auditable record trail for all assessment data

* Prior experience overseeing one or more people in support of a technology solution or program

* Demonstrated ability to work with and in cross-functional teams

* One or more of the following certifications: TPCRA, C3PRMP, CTPRA, CISSP, CASP, CISA, CISM, GIAC, PMP

* Must be able to pass NERC CIP and Insider Threat Program background screening due to access to sensitive critical infrastructure and information regarding security capabilities

* Occasional travel for industry collaboration/influence or professional development is…
Position Requirements
10+ Years work experience