INFORMATION SECURITY ANALYST - FREMONT, CA
Purpose of Position

We are seeking an Information Security Analyst to assess and manage third-party risks during vendor evaluations. The ideal candidate will be responsible for conducting periodic risk assessments based on vendor sensitivity, data scope, or previous security incidents. This position requires a strong understanding of information security frameworks, risk management practices, and analytical expertise.

Essential Functions:

  1. Audit Planning and Execution:
    1. Develop and execute a comprehensive internal audit plan based on risk assessments and organizational priorities.
    2. Conduct audits of various departments and functions, including financial, operational, compliance, and IT audits.
  2. Security Assessments:
    1. Conduct detailed security risk evaluations during the initial stages of vendor engagements.
    2. Assess vendors' security practices, data privacy protocols, and operational frameworks.
    3. Perform regular reviews and reassessments of vendor risk levels, particularly those handling sensitive data or with a history of security breaches.
    4. Establish ongoing monitoring and risk reassessment processes for all third-party vendors.
  3. Risk Identification:
    1. Identify, evaluate, and rank potential risks associated with third-party vendors.
    2. Work closely with external partners and internal teams to create and implement risk reduction strategies.
  4. Collaboration:
    1. Advise stakeholders on security best practices and requirements.
    2. Deliver insightful risk assessments and clear reports with actionable recommendations for senior leadership.
    3. Build strong relationships with internal departments, IT teams, and vendors to promote a collaborative approach to risk management.
  5. Reporting:
    1. Perform data analysis and generate reports to track third-party risk.
    2. Monitor program performance and ensure milestones are met in a timely manner.
  6. Governance and Compliance:
    1. Develop and enforce third-party vendor management policies, procedures, and standards to maintain compliance with regulatory requirements, industry standards, and internal controls.
    2. Ensure adherence to key regulatory and security standards such as NIST 800-53, GDPR and ISO/IEC 27001.
    3. Support contract reviews to ensure vendor agreements align with security and risk mitigation standards.
    4. Contribute to enhancing vendor risk management protocols and processes.

Experience:

  • 6+ years of experience in conducting security control assessments or audits.
  • 6+ years of experience with information security standards and privacy laws (e.g., ISO 27001, NIST, HIPAA).
  • 2+ years of experience in developing or managing security awareness programs.
  • Proficiency in third-party risk assessment methodologies and tools.
  • In-depth knowledge of GRC frameworks and tools.
  • Understanding of emerging technologies such as Large Language Models (LLMs), Artificial Intelligence (AI), and Machine Learning (ML).
  • Excellent analytical, critical thinking, and problem-solving skills.
  • Strong written and verbal communication skills.

Education:

  • Bachelor’s degree in Computer Science, Information Systems, Business, or a related field, or equivalent relevant experience.

Certifications (nice to have):

  • Professional certifications such as CISA, CISM, CRISC, CISSP.

Salary Range:

$140,000 - $160,000 DOE