Senior Vendor Cyber Risk Analyst

S&P Global
Full time Full day
S&P Global Corporate

The Role: Senior Vendor Cyber Risk Analyst

The Team:

As part of Corporate Risk Management / Business Delivery Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that 63% of data breaches happen due to third parties. It involves working with internal stake holders as well as third parties to achieve the results.

The Impact:

This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoor created by our vendors.

What’s in it for you:

Third party risk management is one of the fast-growing areas in financial services companies. The rapid pace of adoption of cloud applications (SaaS) and Business Process Outsourcing (BPO) has made this even more critical as regulators pay a lot of attention as to how companies manage third-party risk.

What We’re Looking For:
Basic Qualifications:

Bachelor’s degree in Computer Science or engineering or equivalent

Experience: Minimum 8 years of experience in Information Technology or Risk Management, out of which a minimum of 4 years with Information Security or Technology Risk Management

Experience with Information Security and/or Technology Risk Management, servicing US-based large financial services companies

Ability to assess controls with respect to cloud applications as well as organization-wide controls

Demonstrable understanding of the concepts of technology controls and information security controls

Strong communication skills are a must. The resource should be able to effectively communicate with cross-functional teams and external vendors, both written and oral communication is critical

The candidate is required to act as a “Go to” person for rest of the team.

The candidate is also expected to perform complex risk assessments of cloud service providers.

Ability to come up with risk metrics, to enhance our existing procedures is highly desired.

This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours

Exposure to cloud technologies and cloud security is highly desired; the familiarity with pubic cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred

Any prior exposure to vendor risk management is a plus

Preferred Qualifications:

Certifications: Information Security and risk management certification (e.g. ISACA/CRISC, SANS/GIAC, ISC2 CISSP, ISACA/CISA) is desirable but not a must

Project management skills are nice to have as the activities involve coordination with internal stakeholders and the vendors

Return to Work: Have you taken time out for caring responsibilities and are now looking to return to work? As part of our Return to Work initiative (link to career site page when available), we are encouraging enthusiastic and talented returners to apply, and will actively support your return to the workplace.

The Grade : 10

The Location: Islamabad, Pakistan

About Company Statement: S&P Global delivers essential intelligence that powers decision making . We provide the world’s leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you’ll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.



Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: [email protected] and your request will be forwarded to the appropriate person.

US Candidates Only: The EEO is the Law Poster describes discrimination protections under federal law.

----------------------------------------------------------- 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.1 - Middle Professional Tier I (EEO Job Group)

Job ID: 286797

Posted On: 2023-05-03

Location: Islamabad, Pakistan

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

PLEASE DO NOT APPLY ONLINE Purpose of the Consultancy The purpose of this consultancy the Institution is to provide technical expertise to the Ministry of National Health Services, Regulations, and Coordination (Mo/NHSR&C) in the development of a National Framework for...
United Nations Pakistan
Full time Full day
WFP encourages female candidates and people with disabilities to apply. WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles. Selection of staff is made on a competitive basis. We are committed to promoting diversity and...
National Poverty Graduation Programme
Full time Full day
Posted date 1st June, 2023 Last date to apply 19th June, 2023 Locations Islamabad Category Healthcare Provider Experience 5 years Greetings from the National Poverty Graduation Programme (NPGP). The NPGP is a 6-year programme (with possible extension of 18 months)...