Coordination role for Health and Safety in Underground Mine at Atlantic Nickel in Itagibá/BA. Focus on strategies for safety and health systems in underground operations.
QC
Hybrid Senior Analyst, Information Security – IT Vendor Risk Management
Posted 4 months ago
About the role
- Senior Analyst in Information Security & IT Vendor Risk Management ensuring security compliance across vendor ecosystem. Handling risk assessments and coordinating cyber incident responses at QTS.
Responsibilities
- Own and administer the TPRM/Vendor Risk Management (VRM) platform used for vendor onboarding, due diligence, periodic assessments, issue management, ongoing monitoring, and off-boarding
- Lead security-focused risk assessments of IT and cloud vendors, analyzing controls for infrastructure, applications, privacy, and business continuity
- Support third-party incidents and breach remediation by coordinating with vendors and internal stakeholders to identify & validate impact, document response, and track corrective actions
- Monitor vendor performance and control effectiveness against recognized security frameworks (NIST, ISO 27001, SOC 2, HITRUST, CMMC, PCI DSS) and regulatory requirements (GDPR, HIPAA, etc.)
- Create and maintain the risk register, vendor inventory and issue tracking with accurate, up-to-date information within the VRM platform
- Provide executive reporting on vendor risk posture, program metrics, incident & remediation status
- Partner with stakeholders to update standards, procedures, and controls, maturing the TPRM program to meet evolving cyber and regulatory requirements
- Liaise with internal and external auditors to manage IT security and compliance reviews tied to vendor controls
- Deliver training and awareness to stakeholders to strengthen risk management culture across business functions
- Stay updated on the latest security trends and threat intelligence
Requirements
- Bachelor’s degree required
- Minimum of 5 years of experience in IT security risk management, third-party/vendor risk management, or related fields
- Previous vendor management experience required
- Understanding of security risks across IT operations, including application development, cloud infrastructure, and disaster recovery
- Proficient in applying security and compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HITRUST, GDPR, CMMC, and HIPAA
- Experience managing or administering vendor risk management (VRM/TPRM) or governance, risk, and compliance (GRC) platforms
- Skilled in evaluating SOC 2 reports, penetration test results, security questionnaires, and vendor security documentation
- Proven ability to assess risk and identify vulnerabilities through detailed risk reviews
- Demonstrated experience supporting third-party cyber incidents and breach response efforts
Benefits
- Employer Paid Benefits
- 401K with Employer Match
- QRest Sabbatical
- Employee Stock Purchase
- QTS scholarship for dependents
- Eagle Club award trip eligibility
- Paid volunteer days
- Tuition assistance
- Parental leave and military leave assistance
- Total Rewards medical, dental, vision, life, and disability insurance
- 401(k) retirement plan
- Flexible spending and HSA accounts
- Paid holidays
- Paid time off
- Employee assistance program
- Wellness program
- Other company benefits
- Bonus eligible
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Entry - Level Software Security Engineer at Tektronix focusing on secure product development and automation scripting. Collaborating with engineers to maintain cybersecurity best practices and standards.
Senior Cybersecurity Engineer at GM Financial designing scalable security capabilities to mitigate threats. Collaborating across teams and leveraging automation for enhanced security measures.
Senior Security Implementation Consultant responsible for implementing security controls in HPC environments. Working with teams on PKI, PAM, IAM, and infrastructure security solutions.
Lead Security Architect at Synchrony focusing on Zero Trust networking across various environments. Partnering with teams to design and implement secure connectivity and policies.
Enterprise Account Specialist engaging with key clients to design customized solutions within sales. Conducting market research and driving contract renewals for mid - to - large accounts.
Senior Product Go - to - Market & Partner Strategy role at Fortinet involving business development and product management in the cybersecurity sector.
Cybersecurity professional executing the cybersecurity program at Nightwing Intelligence Solutions. Responsible for RMF documentation, vulnerability assessments, and incident response in Sterling, VA.
Senior Network Security Engineer driving Zero Trust security fabric design and optimization at CRC Group. Hands - on role managing Zscaler and Palo Alto implementations across multi - cloud environments.
Lead Cybersecurity Engineer driving security testing automation at AT&T. Collaborating with teams to enhance security across telecom networks and systems.