Senior Analyst, Third Party Risk

Senior Analyst, Third Party Risk

About the Opportunity:

The Senior Analyst, Third Party Risk will play a crucial role in managing and streamlining Veza's response to customer security and risk assessments and contract security and privacy reviews. This position requires a detail-oriented and analytical individual with a strong background in information security, risk management, data privacy and contract language. The role will report into the Security & Trust Office and will be instrumental in enhancing Veza's security posture and customer relationships.

Location: Remote

Core Roles and Responsibilities:

• Third Party Risk Assessment Management
• Security and Privacy Contract Review and Negotiation
• Process Development and Optimization
• Cross-functional Collaboration
• Compliance and Security Posture Improvement

You Will: 

Third Party Risk Assessment Management:

• Develop and maintain a comprehensive process for handling customer security and risk assessments and questionnaires.
• Respond to customer security inquiries, RFIs, and RFPs in a timely and accurate manner.
• Coordinate with internal teams to gather necessary information for completing assessments.
• Maintain a database of standard responses to common security questions.

Security Contract Review and Negotiation:

• Review and analyze security-related and privacy-related clauses in customer contracts and agreements.
• Collaborate with legal and sales operations teams to negotiate security terms that align with Veza's capabilities and risk tolerance.
• Develop and maintain a library of approved security language for contracts.
• Stay informed about industry standards and best practices in security contract language.

Process Development and Optimization:

• Create and implement efficient workflows for managing the influx of security assessments and contract reviews.
• Develop templates, checklists, and guidelines to ensure consistency in responses.
• Implement tools and technologies to automate and streamline the assessment and review processes.
• Continuously improve processes based on feedback and changing requirements.

Cross-functional Collaboration:

• Work closely with Sales, Legal, Product, and Engineering teams to ensure accurate and consistent responses to customer inquiries.
• Collaborate with the Security team to stay updated on Veza's security controls and practices.
• Provide regular updates to leadership on assessment trends, contract negotiations, and potential risks.

Compliance and Security Posture Improvement:

• Identify common customer security requirements and work with internal teams to address any gaps.
• Contribute to the maintenance and improvement of Veza's compliance certifications (e.g., SOC 2, ISO 27001).
• Analyze trends in customer security requirements to inform Veza's security roadmap.

Requirements:

• Bachelor's degree in Information Security, Risk Management, or a related field; Master's degree preferred.
• Minimum of 5 years of experience in information security, with a focus on third-party risk management and security assessments.
• Strong understanding of cloud security, data protection principles, data privacy, and common compliance frameworks (e.g., SOC 2, ISO 27001, GDPR).
• Experience with contract review and negotiation, particularly security-related clauses.
• Excellent analytical and problem-solving skills with meticulous attention to detail.
• Strong written and verbal communication skills, with the ability to explain complex security concepts to various audiences.
• Proficiency in using GRC (Governance, Risk, and Compliance) tools and other relevant technologies.
• Relevant certifications such as CISSP, CISA, or CRISC are highly desirable.
• Familiarity with SaaS business models and associated security challenges is a plus.