Technical Program Manager leading the delivery of security and compliance solutions for Onit’s SaaS platforms. Collaborating with multiple teams to ensure regulatory compliance and best practices.
QC
Hybrid Senior Analyst, Information Security – IT Vendor Risk Management
Posted 3 minutes ago
About the role
- Senior Analyst in Information Security & IT Vendor Risk Management ensuring security compliance across vendor ecosystem. Handling risk assessments and coordinating cyber incident responses at QTS.
Responsibilities
- Own and administer the TPRM/Vendor Risk Management (VRM) platform used for vendor onboarding, due diligence, periodic assessments, issue management, ongoing monitoring, and off-boarding
- Lead security-focused risk assessments of IT and cloud vendors, analyzing controls for infrastructure, applications, privacy, and business continuity
- Support third-party incidents and breach remediation by coordinating with vendors and internal stakeholders to identify & validate impact, document response, and track corrective actions
- Monitor vendor performance and control effectiveness against recognized security frameworks (NIST, ISO 27001, SOC 2, HITRUST, CMMC, PCI DSS) and regulatory requirements (GDPR, HIPAA, etc.)
- Create and maintain the risk register, vendor inventory and issue tracking with accurate, up-to-date information within the VRM platform
- Provide executive reporting on vendor risk posture, program metrics, incident & remediation status
- Partner with stakeholders to update standards, procedures, and controls, maturing the TPRM program to meet evolving cyber and regulatory requirements
- Liaise with internal and external auditors to manage IT security and compliance reviews tied to vendor controls
- Deliver training and awareness to stakeholders to strengthen risk management culture across business functions
- Stay updated on the latest security trends and threat intelligence
Requirements
- Bachelor’s degree required
- Minimum of 5 years of experience in IT security risk management, third-party/vendor risk management, or related fields
- Previous vendor management experience required
- Understanding of security risks across IT operations, including application development, cloud infrastructure, and disaster recovery
- Proficient in applying security and compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HITRUST, GDPR, CMMC, and HIPAA
- Experience managing or administering vendor risk management (VRM/TPRM) or governance, risk, and compliance (GRC) platforms
- Skilled in evaluating SOC 2 reports, penetration test results, security questionnaires, and vendor security documentation
- Proven ability to assess risk and identify vulnerabilities through detailed risk reviews
- Demonstrated experience supporting third-party cyber incidents and breach response efforts
Benefits
- Employer Paid Benefits
- 401K with Employer Match
- QRest Sabbatical
- Employee Stock Purchase
- QTS scholarship for dependents
- Eagle Club award trip eligibility
- Paid volunteer days
- Tuition assistance
- Parental leave and military leave assistance
- Total Rewards medical, dental, vision, life, and disability insurance
- 401(k) retirement plan
- Flexible spending and HSA accounts
- Paid holidays
- Paid time off
- Employee assistance program
- Wellness program
- Other company benefits
- Bonus eligible
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Head of Security Data and AI Lab driving strategic leadership and innovation for security data and AI solutions at Lloyds Banking Group. Managing security data and AI capabilities to protect and innovate.
Senior Data Security Engineer leading design and implementation of data protection solutions at Phoenix Group. Collaborating closely with teams to enhance data security posture.
Network Security Engineer at Bank of America focusing on designing and implementing network security solutions. Requires deep knowledge in cybersecurity and collaboration with global teams.
Security Alarm Technician installing various security and smart home devices at Guardian Protection. Delivering quality service while adhering to company standards and regulations.
Senior Security Architect providing cyber security and privacy risk solutions for clients at PwC New Zealand. Collaborating with teams to set a new standard in digital services.
Security Consultant supporting customers with IT Security Consulting in various areas. Engaging in project management from analysis to execution, both remotely and on - site.
Security Consultant providing guidance on information security management systems and compliance. Analyzing processes, assessing risks, and developing security strategies for clients in Germany.
Cyber Security Specialist focuses on securing IT environments and implementing security standards. Engaging in continuous development of security strategies and solutions across systems in a hybrid role.
Cyber Security Consultant developing sustainable products and services for the public sector. Leading expertise in Digital Security with external customer consultation.