Grc Specialist, Vendor Risk Management Job in Qualys, Inc.

Description

• Designing and implementing broad third-party governance and risk management frameworks/processes, developing third-party risk and control assessments, and implementing managed services to improve/enhance an organizations Supplier Relationship and Supplier Risk Management program.
• Support the customer lifecycle of 3rd party risk management by managing the documentation and distribution of responses to customers through customer engagement.
• Customer Security Questionnaires, Customers Vendor Risk Management questionnaires, Qualys Supplier Risk Management, Custom Audits, and other applicable documentation.
• Demonstrated problem-solving capacity and the ability to make decisions that impact customer/supplier service levels with a sense of urgency.
• Provide subject matter mentoring and training to peers and other colleagues in the organization.
• Identify opportunities for improvements in security and business processes, and partner with the GRC Design & Innovation team to implement enhancements to the Issues & Exceptions Management processes.

Basic Qualifications

• Master's degree in business, information systems or computer science, or equivalent experience.
• 6 to 7 years of experience in Information Security Governance, Risk, and Compliance, preferably in a cloud-focused organization.
• Experience with information security frameworks such as FedRAMP, SOC 2, ISO 27001/2, NIST SP 800-53, Cybersecurity Framework, Supplier-Chain Risk Management Framework.
• Experience with Supplier Risk Management Tools or Automation of Third-Party Risk Management process.
• You have created and maintained relationships with business and technical experts throughout the company who provide expertise in security requirements and solutions design.