REMOTE Compliance Analyst

Job Title Responsibilities

• Review incoming documents from suppliers (e.g., SOC 2 Type II reports, high level system architecture diagrams, information security policies)
• Consult with other shared service departments, as appropriate (e.g., Procurement, Privacy, Operational Risk, Legal)
• Compile information into a summary report, highlighting concerns in the form of a risk report/profile for a supplier or particular engagement
• Monitor key supplier changes and risk indicators
• Issue monitoring, exception tracking and oversight of remediation actions to improve overall supplier performance
• Define, measure and monitor progress of supplier risk management activities (Issue Tracking, Risk Remediation Efforts, Key Supplier Metrics)
• Create reporting materials detailing program activities, supplier metrics and issue remediation
• Maintain supplier data accuracy within designated systems
• Provide guidance and training to stakeholders on supplier risk management policies and procedures

• Bachelor's degree in Business Information Systems, Computer Science or similar
• Minimum four years related experience, including at least two years of third party risk management experience conducting risk or compliance assessments
• Understanding of information security frameworks and standards (e.g., NIST 800-171, ISO
  27002/27002, PCI, GDPR)
• Ability to document and communicate assessment results clearly and concisely
• Knowledge of supplier risk management methodologies, risk mitigation principles
• Ability to work both independently and as part of a team to deliver quality work
• Attention to detail, and the ability to prioritize work efficiently and effectively

• Experience with One Trust
• Security-related certifications (CISA, CISM, CISSP, SANS GIAC)
• Higher education and/or research institution experience
• Understanding of higher education legal and regulatory environment