Vendor Risk Management Analyst

Summary

Join BlueVoyant as an Analyst, Vendor Risk Management and contribute to identifying and mitigating client supply chain risks and cybersecurity challenges. You will advise clients on best practices, implement third-party risk management programs, and support vendor reviews. This role involves direct client consultation, participation in risk management engagements, and communication of findings and recommendations. You will also mature standard operating procedures, support business development, and create repeatable processes. The position requires a hybrid work model with 1-2 days per week in the Washington, DC area office and travel as needed. United States citizenship is required.

Requirements

• Familiarity with encryption fundamentals and network design
• 2+ years of Third-Party Risk Management consulting (including vendor cybersecurity risk) at a Big 4 consulting firm or vendor risk management company
• 3+ years leading an enterprise risk management program, including Third-Party Risk, Internal Risk Maturity and Assessment, Risk Consolidation, and Risk Reporting
• Information security/cybersecurity accreditation and background
• Experience working in a cybersecurity or technology organization
• Entrepreneurial nature and drive for results
• Clear communication and writing skills
• Ability to conduct deep client discovery to uncover root cause problems and build trusted relationships
• Ability to design programs and solutions with minimal guidance and oversight
• United States Citizenship

Responsibilities

• Participate in third-party risk management consulting engagements as part of BlueVoyant’s Supply Chain Defense business
• Support Third Party Risk Workshops at BlueVoyant Clients focused on the following topics: Vendor Identification and Stratification
• Support Third Party Risk Workshops at BlueVoyant Clients focused on the following topics: Vendor On-boarding, Monitoring and Remediation
• Support Third Party Risk Workshops at BlueVoyant Clients focused on the following topics: Cybersecurity Risk Questionnaire Development
• Project and program delivery, including project and process management, reporting, engagement in senior leadership meetings, drafting and reviewing materials for senior management and other governance activities
• Communicate findings and recommendations to client stakeholders, best practices, tools and technology
• Mature standard operating procedures for customers to optimize utilization of BlueVoyant’s offerings
• Enable business development in renewal, cross-sell, and up-sell opportunities of BlueVoyant offerings while maintaining client trust
• Create repeatable processes and frameworks portable across clients and industries to accelerate future Third-Party Risk Cybersecurity Risk Management implementations
• Work 1-2 Days per week from Washington, DC area office
• Travel to clients as requested

Preferred Qualifications

CISSP or similar