Vendor Risk Management Information Security Analyst - PA or FL

Overview

The Vendor Risk Management (VRM) program exists to assist the management of Fidelity National Financial in understanding and managing third party vendor risks within the Company. This role includes engagement with operational vendor managers, corporate control groups, and vendors (third-parties) to identify and memorialize potential risk related to the vendor’s engagement (product/service). This role includes ensuring memorialization of the vendor on the VRM panel, as well as performing the appropriate due diligence as defined in the VRM Policy, which takes into account measures for compliance with regulating entities. In addition, this position supports the VRM in the identification and memorization of the third parties by monitoring spend and/or alternative sources to proactively engage operational vendor managers to understand vendor usage and onboarding to the VRM panel. 

Duties

• Responsible for documenting and maintaining accurate vendor inventory in database• Completing the daily activities associated with, but not limited to, − Identification of third parties not in the vendor inventory database− Engaging Vendor Managers and/or vendors for onboarding of third parties− Onboarding third party engagements including performing/facilitating/documenting all efforts and results− Conducting assessments on the third parties and identifying potential risk− Continued monitoring and management of third party engagements, as defined− Coordinating termination efforts, when applicable− Support On-site vendor risk assessment process• Effectively communicate and collaborate with internal departments, including, but not limited to Operations, Legal, Information Security, IT, and Procurement• Accountable for identification and tracking of vendor issues and associated remediation plans, including reporting and escalation activities.• Supporting the cultural integration and institutionalization of the Vendor Risk program• Other duties and projects as assigned• Estimated 15% travel

Requirements

Bachelor’s Degree in a technology related field or business administration, accounting, finance, or related field is recommended, augmented by industry related training programs and supported by work experience.

Experience

Possess 4 years’ experience in assessing risks, processes and controls including experience with information security, physical security, legal, and other IT processes and functions.

Additional Information

• Possess 4 years’ experience in assessing risks, processes and controls including experience with information security, physical security, legal, and other IT processes and functions. • Demonstrate ability to plan, schedule, and coordinate work, and able to maintain high levels of details, confidentiality, and professionalism.• Must possess strong multi-tasking, organizational, communication, and interpersonal skills necessary.• Proven ability to work individually, with a team, or cross-functionally.• Self-starter with proven track record of execution and results.• Great business judgment, ability to influence others and strong analytical thinking.• Excellent written and oral communication skills.• Proficient in Microsoft Outlook. Experience in Word, Excel, PowerPoint, Visio and SharePoint.• Bachelor’s Degree in a technology related field or business administration, accounting, finance, or related field is recommended, augmented by industry related training programs and supported by work experience.• Recommended Certifications CTPRP, CISSP, CISA