Analyst, Third Party Security

Overview

Manage vendor security risk assessments and mitigation for third‑party relationships.

Key Responsibilities

• sra monitoring
• risk analysis
• kpi tracking
• security questionnaires
• ad-hoc reporting
• vendor assessment

Tasks

-Responsible for monitoring a vendor’s SRA from start to finish. (escalating, tracking) -Interact with internal business stakeholders to define, execute, and deliver appropriate analysis -Assist with generation and tracking of relevant vendor SRA metrics/KPIs including but not limited to: Actual Time to Complete, SRAs Completed Year-to-Date -Update job aids to accommodate changes and test prior to implementation to ensure quality messaging -Recommend vendor risk exposures to be accurately measured, documented, and reported, escalating issues to the relevant internal team members to develop an appropriate remediation plan (if applicable) -Drive and execute relevant vendor security questionnaire activities -Process ad hoc requests for reporting and analysis -Scope - Interact with internal stakeholders to deliver risk analyses and perform related tasks -Responsible for the day-to-day execution, maintenance, and results communication of the vendor Security Risk Assessment (SRA) and related processes/procedures (risk review, analysis, follow-up, meeting participation, etc.) to assess risk from a third party security risk management perspective -Assist with Constellation-as-a-Vendor inbound security assessment requests -Assist with compliance, ad-hoc reporting, operations, and metrics tasks as needed -Provide necessary data to properly report and track vendor SRA and vendor remediation requirement metrics -Work under limited supervision, following standard procedures to accomplish assigned tasks

Requirements

• security+
• fair
• databases
• vendor management
• sig
• bachelor's

What You Bring

-Familiarity with third-party management tools -Background in third party/vendor management and governance, procurement, or regulatory compliance -Familiarity with risk quantification standards such as FAIR -Knowledge of security concepts, terminology, and tools -Technical knowledge of databases, database queries, and database reporting -Strong communication skills, both written and oral -Knowledge of PC/desktop workstation applications: Microsoft Teams, Word, Excel, Outlook, PowerPoint -Strong analytical and problem-solving skills with the ability to analyze data, identify opportunities, determine solutions, identify and obtaining needed resources, and execute to completion -Bachelor's degree in related field discipline and typically 2-5 years' experience in security or related technical field or equivalent combination of education and work experience. -Familiarity with standardized third-party security assessments such as SIG/SIG Lite -Certification: Security+, SANS, and other related technical certifications

People Also Searched For

About Constellation

-Reclaimed independence in 2022 to focus on clean-energy goals. -Powers over 20 million U.S. homes and businesses with diverse energy sources. -Restarted Three Mile Island Unit 1 with Microsoft's 20-year energy agreement. -Provides retail energy services to ~2 million customers, including Fortune 100 companies.

Sector Specialisms