Lead comprehensive cybersecurity risk assessments for new and existing vendors, partners, and suppliers.
Analyze and validate vendor security documentation, including SOC 2, ISO 27001 certifications, and security questionnaires (SIG/CAIQ).
Evaluate vendor control environments, specializing in cloud infrastructure (AWS, Azure, GCP), application security (OWASP Top 10), and data protection.
Clearly articulate and document technical risks for both technical teams and senior business stakeholders.
Collaborate with Legal and Procurement to develop, track, and enforce vendor risk remediation plans.
Drive efficiency and consistency by analyzing and optimizing the end-to-end Third-Party Risk Management (TPRM) lifecycle.
Design and implement automated workflows within our Governance, Risk, and Compliance (GRC) platform.
Define, track, and report Key Performance Indicators (KPIs) and metrics to measure TPRM program health and effectiveness.
Maintain core program documentation, including Standard Operating Procedures (SOPs) and assessment methodologies.
Conduct specialized AI vendor security evaluations covering critical domains such as model integrity, data privacy, and adversarial attack resistance.
Provide guidance on the secure and responsible adoption of third-party AI technologies to internal teams.
Stay current with evolving AI regulatory frameworks (e.g., NIST AI RMF, EU AI Act) and emerging security threats.
Leverage AI solutions to automate dynamic risk management and continuous testing of vendor controls.
Requirements
3 years of experience in an information security, IT audit, or technology risk management role.
At least 2 years of direct, hands-on experience in Third-Party Risk Management (TPRM).
Proven ability to analyze and streamline complex processes, with a track record of implementing successful improvements.
Strong technical knowledge of core cybersecurity domains, including cloud security, network security, identity and access management (IAM), and encryption.
Demonstrated experience interpreting security reports and assessing the effectiveness of technical controls.
A strong interest in and foundational understanding of AI/ML technologies and their unique security challenges.
Excellent analytical skills, with the ability to think critically and solve problems independently.
Strong written and verbal communication skills, capable of engaging with a wide range of audiences.
Information Security Analyst managing critical governance, risk, and compliance topics. Leading incident responses and security policy development in a hybrid work model.
Information Security Analyst overseeing access management for SKY applications, ensuring security compliance and incident management. Involves technical support and lifecycle management of requests.
Cyber Security Analyst enhancing cyber resilience for the Swiss financial sector with a focus on threat intelligence. Collaborating closely with partners and regulatory agencies to safeguard against cyber threats.
Junior Information Security Analyst at Dotz supporting IT in security solutions and information asset protection. Engaging with various technology areas and projects on cybersecurity initiatives.
Cybersecurity Analyst developing and implementing information security programs at WebTPA. Liaising between IT and business partners, addressing security requirements throughout project life cycle.
Cyber Security Analyst managing user access and security for all company applications at a non-profit organization. Collaborating with teams to monitor cyber security incidents and ensure compliance with policies.
Cyber Security Analyst managing cyber security incidents and improving resilience at Heathrow Airport. Leading response playbook development and simulation exercises for effective incident handling.
Security Operations Analyst responsible for monitoring and analyzing security events at Gen Digital. Collaborating with experts to protect global systems and data while enhancing cybersecurity posture.
Incident manager for information security incidents at TD Bank. Leading incident response and coordination for investigative activities and fraud management.