Vendor Risk Consultant

at  SecurityScorecard

ABOUT SECURITYSCORECARD:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint.
Headquartered in New York City, our culture has been recognized by Inc Magazine as a “Best Workplace,” by Crain’s NY as a “Best Places to Work in NYC,” and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.” SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

WHAT WE NEED YOU TO HAVE:

• 5+ years of professional cybersecurity consulting experience, or similar.
• Outstanding communication skills, and the ability to explain complex cybersecurity and vendor risk management concepts to non-technical audiences.
• Strong understanding of cybersecurity concepts, technologies, and best practices.
• Data analysis skills, using Microsoft Excel or similar, and common scripting languages, such as Python, to analyze complex data and provide trends and patterns.
• Demonstrated ability to manage multiple client accounts simultaneously, prioritize tasks, and meet deadlines.
• Work independently and collaboratively in a fast-paced, dynamic environment.
• At least one certification in the following list is desired: CEH, GSLC, GCPM, GSTRT, GCCC, GSNA, CISSP, CISM, CISA or CRISC.
• Experience conducting cybersecurity assessments and audits is desired.
• Previous experience in vendor risk management is desired, but not required.

ABOUT THE ROLE

SecurityScorecard’s MAX team delivers vendor risk management services on behalf of customers. Our MAX team is growing and we are seeking a Vendor Risk Consultant to join our team and help us manage and mitigate risks associated with our customers’ vendors. This is an exciting opportunity to work alongside some of the largest companies in the world and make a significant impact on their business by ensuring that their information is held securely by their vendors.

WHAT YOU’LL DO:

• Conduct risk assessments of customers’ potential and existing vendors to identify and mitigate potential risks.
• Monitor and track vendor risk profiles and regularly report on potential and existing risks to customers and vendors.
• Stay informed about current security threats and industry standards to continuously improve vendor risk management strategies.
• Develop and maintain strong relationships with vendors to ensure ongoing compliance with security requirements.
• Develop and maintain strong relationships with customers to help them understand the risks posed by their vendors.
• Continuously assess the effectiveness of our customers’ vendor risk management programs, and provide advice and guidance on how to enhance the effectiveness.
• Assess new and emerging cybersecurity findings identified by SecurityScorecard, and provide analysis and insight to vendors on how these impact their cybersecurity posture and how to mitigate and remediate these findings.