Sr Analyst - Vendor Compliance Security

60026


The IT and Digital team at WESCO has an exciting opening for a fast-paced, entrepreneurial individual who has a focus on process and lean work methodology. The Sr. Vendor Compliance Security Risk Analyst will be responsible for administering and helping to mature WESCO’s third-party supplier/vendor security risk management capabilities as a member of WESCO’s Information Security Team.

In support of the Information Security Team, the Sr. Vendor Compliance Security Risk Analyst will also respond to our customers' vendor risk assessments and security questionnaires.

The responsibilities will include:

  • Evaluating third-party suppliers'/vendors' data protection and security risk management capabilities and practices by conducting security risk assessments of third-party suppliers/vendors and leading the interactions with suppliers/vendors to obtain risk treatment decisions and appropriate risk mitigation solutions.
  • Articulating risk assessment results into clearly understandable business impacts and socializing these terms to assist business and IT stakeholders in evaluating and determining if proposed risk treatment options are appropriate.
  • Effectively communicating risks to internal business sponsors, suppliers, and other internal business and IT stakeholders to ensure business relationships being considered with suppliers do not negatively impact the company’s best interest or ability to meet regulatory or contractual data protection and information security obligations.
  • Working with suppliers and internal business sponsors to address security risk concerns and gap remediation in a timely manner.
  • Providing risk-based guidance to internal business sponsors and supplier/vendor representatives to ensure their full understanding, acceptance, and commitment to remediate risks identified during risk assessments to acceptable levels.
  • Providing risk assessment results input to the corporate procurement and contract compliance teams to assist in the negotiation of supplier contracts.
  • Developing third-party risk reporting metrics to demonstrate volume, risk levels, and risk trending of all third-party supplier security risk assessment activities.
  • Making recommendations and implementing changes to mature and increase the effectiveness of the supplier/vendor security risk management program.
  • Responding to customer security questionnaires, documenting responses, generating metrics, and adding to WESCO’s risk registry when WESCO’s controls may not meet our customer’s expectations.


Required:

  • Bachelor’s degree in Information Systems or IT related field or equivalent work experience
  • 7+ years of experience in Information Security or IT Governance, Risk and Compliance
  • Experience with information security frameworks such as SOC 2, ISO 27001/2, PCI or NIST Cybersecurity Framework
  • Experience conducting third-party supplier/vendor due diligence and vendor security assessments
  • Experience with data privacy regulations (GDPR, CCPA, etc.)
  • Demonstrated understanding of cyber security risk management methodologies, emerging cyber security risks, and technologies
  • Demonstrated experience utilizing automated or manual risk assessment tools and templates
  • Relationship-focused, with demonstrated ability to effectively translate and communicate risks to different stakeholder groups within various levels of an organization
  • Energy, focus, assertiveness and diplomacy
  • Excellent communication skills

Preferred:

  • Certifications: CISSP, CISA, CISM, CIPP or equivalent
  • Demonstrated knowledge of multiple IT and info security risk areas, such as Identity and Access Management, Vulnerability Management, SDLC and Secure Coding principles, and Security Awareness and Training




EB-1936113600

About WESCO

WESCO International, Inc. (NYSE: WCC), a publicly traded FORTUNE 500® holding company headquartered in Pittsburgh, Pennsylvania, is a leading provider of electrical, industrial, and communications maintenance, repair and operating (MRO) and original equipment manufacturer (OEM) products, construction materials, and advanced supply chain management and logistic services. Pro forma 2019 annual sales were approximately $17.2 billion, including Anixter International. The company employs approximately 18,900 people, maintains relationships with more than 30,000 suppliers, and serves more than 150,000 active customers worldwide. Customers include commercial and industrial businesses, contractors, government agencies, institutions, telecommunications providers, and utilities. WESCO operates 11 fully automated distribution centers and approximately 800 warehouse/branch locations in North America and more than 50 countries around the world, providing a local presence for customers and a global network to serve multi-location businesses and multi-national corporations.

To see additional opportunities with Wesco, please visit their careers site at: www.wesco.com/careers


Our Blue Book!

Some companies have mission statements, some have employee policies... we have the Blue Book.

"Enthusiasm is the greatest business asset in the world. It beats money, power and influence." Read more to find out if Anixter's business style is a good fit for you.
