SAIC has an opening for a Vendor Risk Analyst. This is a remote position.
- As part of the cybersecurity team, the selected candidate will be responsible for execution and oversight of a cybersecurity third party risk management process.
- As part of this work, the individual will be tasked with helping to ensure that SAIC’s suppliers remain in compliance with cybersecurity third party risk management standards and industry best practices.
- These standards include required activities that must be adhered to during a vendor’s lifecycle.
- This position will also play a key cybersecurity role in continuous improvement of SAIC’s procurement process related to cybersecurity concerns.
Primary responsibilities include:
- Maintain and improve SAIC’s cybersecurity third party assessment process, policies and procedures to respond and adhere to new and existing regulatory guidelines and industry best practices.
- Perform security audits for SAIC suppliers in alignment with security governance program and create corrective actions for audit findings intended to drive desired outcomes and/or behaviors.
- Facilitate third party assessment process, including coordinating distribution of surveys and gathering results.
- Assess security practices to ensure protection of the confidentiality, integrity, and availability of customer and corporate data is in line with SAIC’s risk appetite. Types of assessment may include: review of independent audit reports, vulnerability testing, policy reviews and direct interviews.
- Continuously monitor critical third parties using a variety of tools to identify issues and work with third parties and internal stakeholders to manage remediation through resolution in a timely manner.
- Maintain central repository of vendor risk assessments conducted, including artifacts and supporting documentation.
- Participate in Procurement Request for Proposals to provide GRC insight.
- Participate and maintain documentation in support of audit reviews to ensure third party risk process complies.
- Serve as subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties.
- Communicate identified risks to key stakeholders and establish remediation action plans, and track and monitor identified vendor risks to closure.
- Build effective relationships with stakeholders who own and support third party relationships.
- Develop and report on key risk metrics for the third-party risk management program.
- Maintain and mature cybersecurity third-party risk tool in Service Now to deliver full third party risk management assessments and tracking.
- Maintain and mature assessment and tracking for SAIC contract subcontractor compliance with applicable federal regulations.
- Bachelor's Degree and 5+ years of experience; Master's Degree and 3+ years of experience. Additional years of experience are acceptable in lieu of a degree.
- 3+ years of experience in a vendor/risk management role required, related to the duties and responsibilities specified.
- Demonstrated experience preparing, coordinating, executing and/or managing vendor programs in collaboration with stakeholders and various lines of business strongly preferred.
- Prior experience with technical business applications, knowledge of IT infrastructure and IT risks and controls preferred.
- 3+ years of experience with Governance Risk & Compliance tools, specifically in the area of third party risk management, requirements documentation etc.
- Experience in future strategy planning to accelerate adoption of industry best practices and emerging customer requirements.
- Excellent verbal and written communication skills.
- Able to work effectively with all levels of staff and build solid relationships across our vendor base.
- Comfortable presenting ideas and facilitating group meetings.
- Strong analytical, problem-solving, multitasking and time management skills; ability to follow through on issues to resolution.
- US Citizenship required.
- Experience with Service Now tool and how to develop requirements for improvements.
- Technical or policy experience specific to Cybersecurity.
- Technical or related certifications.
Target salary range: $75,001 - $100,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.