C

(On-site) Information Security Vendor Management Analyst

icon briefcase Job Type : Full Time

Number of Applicants

 : 

000+

Click to reveal the number of candidates who applied for this job.
icon loader
Apply Now
icon loader Apply Now

Let AI Supercharge Your Job Hunt!

JobCopilot scans 500,000+ company career sites daily to find jobs for you

Never miss an opportunity Save hours by auto-filling applications forms Land more interviews with tailored applications
happy man
thunder iconActivate JobCopilot

Job Description - (On-site) Information Security Vendor Management Analyst


The Vendor Management Analyst is responsible for supporting the Bank’s Third-Party Risk Management (TPRM) Program within the Information Security department. This role evaluates the risk of new and existing third-party relationships, conducts and documents due diligence, supports contract reviews, and manages ongoing monitoring activities to ensure compliance with regulatory guidance (e.g., FFIEC, GLBA, FDIC). The Analyst will work closely with business owners, Risk, Compliance, Project Management, Finance, and senior leadership to ensure vendors meet the Bank’s security, operational, and financial requirements.

Third-Party Risk Assessments

  • Evaluate risks presented by new and existing vendors across cybersecurity, operational, financial, compliance, business continuity, privacy, and reputational domains.
  • Determine required risk tiering and corresponding due diligence requirements.
  • Partner with business units to ensure clear articulation of vendor use cases and criticality.Due Diligence and Ongoing Vendor Monitoring
  • Gather required due diligence artifacts such as SOC 2 reports, independent audits, penetration test summaries, cybersecurity questionnaires, financial statements, insurance certificates, business continuity plans, and regulatory compliance attestations.
  • Review and assess due diligence documents for adequacy, control effectiveness, gaps, and red flags.
  • Document findings, residual risks, and recommendations within the Bank’s vendor management system.
  • Request and follow up on remediation or compensating controls for identified deficiencies.
  • Maintain documentation memorializing new vendor diligence and ongoing monitoring results. 

Contract Review Support

  • Review contracts and amendments for required information security and risk-related provisions, including data security requirements, confidentiality, incident reporting, business continuity, right to audit, subcontractor oversight, and termination rights.
  • Collaborate with Legal and Procurement to ensure contract terms align with bank policy.

Issue Tracking & Remediation Oversight

  • Maintain the Bank’s Vendor Watchlist to track issues with vendors, vendor remediation efforts, and follow up on open issues.
  • Document evidence of corrective actions and ensure timely resolution of audit or exam findings.

Program Governance & Reporting

  • Prepare reporting for management, committees, and the Board.
  • Support internal/external audits and regulatory exams.
  • Assist with development and enhancement of TPRM policies and procedures.
  • Train business units and stakeholders on the vendor management process and program. 

Requirements

  • Bachelor’s degree in Information Security, Business, Risk Management, or related field.
  • 2–5 years of experience in vendor management, third-party risk, cybersecurity risk, or related banking role.
  • Prior experience in banking or financial services.
  • Ability to interpret SOC reports and cybersecurity controls.
  • Strong analytical and documentation skills.

Preferred Qualifications

  • Understanding of FFIEC, GLBA, and industry best practices.
  • Familiarity with NIST CSF, ISO 27001, SIG/AUP questionnaires.
  • Experience reviewing contracts from a security or risk perspective.
  • Exceptional candidates will have relevant certifications such as CTPRP, CRVPM, or CRISC

Original job (On-site) Information Security Vendor Management Analyst posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.
Apply Now
Share Job
Share Job

Auto-Apply to Vendor Management Analyst Jobs with your AI JobCopilot

thunder icon Auto-Apply with AI

Similar Vendor Management Analyst Jobs in the US

GrabJobs is the no1 job portal in the US, connecting you to thousands of jobs fast! Find the best jobs in the US, apply in 1 click and get a job today!

Mobile Apps

Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.