About Opendoor
About the Role
As a Senior GRC Analyst, you will play a key role in safeguarding the organization against potential risks associated with third-party vendors. You will be responsible for evaluating the security posture of third-party vendors, assessing associated risks, and ensuring compliance with legal and regulatory requirements. Your expertise will be crucial in establishing and maintaining effective relationships with vendors to address security concerns and enforce security requirements. Additionally, you will develop and implement a framework to continuously monitor vendors' security performance and facilitate collaboration between various stakeholders to ensure comprehensive risk management.
Responsibilities:
- Evaluate third-party vendors' security posture and conduct risk assessments to identify potential vulnerabilities and threats to the organization.
- Ensure compliance with legal and regulatory requirements related to third-party contracts, including data protection, privacy, and security standards.
- Develop and implement a framework to continuously monitor third-party vendors' security performance, including regular audits and assessments.
- Collaborate with IT, Engineering, People, and Legal stakeholders to communicate security requirements, address concerns, and facilitate the resolution of security-related issues.
- Provide guidance and support to internal teams on third-party risk management best practices and procedures.
- Stay informed about industry trends, emerging threats, and regulatory changes related to third-party risk management, and incorporate relevant insights into risk mitigation strategies.
Required Experience:
- Minimum of 4 years of experience in third-party risk management, vendor risk assessment, or related field.
- Demonstrated ability to evaluate third-party vendors' security posture and assess associated risks to the organization.
- Proven skill in establishing and maintaining effective relationships with third-party vendors to address security concerns and enforce security requirements.
- Experience in developing and implementing frameworks to continuously monitor third-party vendors' security performance.
- Excellent communication skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
- Strong analytical and problem-solving skills, with the ability to identify and mitigate risks effectively.
Preferred Experience:
- Management consulting experience is a big plus.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are preferred.
#LI-NR2 , #LI-Hybrid