Sep 25, 2024

Analyst - IT Vendor Risk Management

Full time Information Technology

Job Description

Overview

Connecting clients to markets – and talent to opportunity. With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we’re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, The StoneX Group is made up of four segments that offer endless potential for progression and growth. 


Business Segment Overview 


Retail: Empower individual investors – and yourself – in the world of retail through a range of different financial products rooted in innovation and market intelligence. From FX and CFDs to precious metals, master an exciting world of wealth management tools.

Responsibilities

Job Purpose:

Working within the IT organization and reporting to the IT Vendor Risk Management - Manager, the Analyst is responsible to help support the day-to-day operations related to the IT Vendor Risk Management Program. You will assist with vendor risk analysis to ensure vendors have the proper cyber and data protection controls to minimize exposure risk to the firm.


The analyst will create impact in the following ways:

You will work with a team of security professionals to ensure that the firm’s third-party vendors are cyber secure and protecting data in accordance with regulatory and legislative requirements, all with the goal of minimizing the firm’s cyber risk exposure.

Major Responsibilities:

  • Respond to incoming requests for vendor assessment submitted by business owners.
  • Analyze and assess the initial scope of exposure by meeting with business owners.
  • Coordinate all information and document gathering with vendor point of contact.
  • Review and analyze all vendor submitted evidence and artifacts to determine control posture.
  • Finalize and issue recommendation and net risk score.
  • Work with legal contracts team to assist with finalizing agreement to include appropriate security and data protection language.
  • Tag vendor with appropriate risk tier to determine next reassessment date.
  • Monitor vendors in Security Scorecard for real-time monitoring and remediation follow-up.
  • Work with vendors to remediate BitSight or Security Scorecard vulnerabilities.
  • Manage VRM lifecycle within the vendor risk management platform.
  • Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
  • Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.
  • Coordinate with legal and compliance functions to ensure proper implementation of data privacy legislation and disclosure.
  • Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
  • Manage tracking of identified findings and actions to closure and reporting to leadership.
  • Ability to step into a team lead role in the future.

Qualifications

The right candidate will do this by bringing their education and professional experience in the following spaces:

Required:

  • Bachelor’s degree.
  • Minimum of 2 to 5 years of relevant experience, preferably in financial services.
  • Strong background in information technology with a clear understanding of the challenges of information security.
  • Relevant experience in the GRC or IT Vendor Risk Management/Assessment space. Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
  • Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
  • Excellent leadership and teamwork skills.
  • Team player with the ability to work independently.
  • Resourceful, energetic, self-starter, flexible, goal-oriented.
  • Strong personal integrity.

Preferred:

  • Master’s degree.
  • Experience having implemented or worked with OneTrust Vendor Risk Management solution.
  • Experience with Security Scorecard.
  • Demonstrated understanding of secure, complex information systems’ environment in a global financial service sell side environment.
  • Direct experience with regulatory compliance reviews and examinations.
  • Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred.
  • Project and program management skills.
  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
  • Ability to influence others.