3rd Party Risk Analyst - Enterprise Information Security - Bellevue

Posted Date: Nov- 2-2018

Job ID: 12292

Job Type: Full Time

Job Function: Legal

City: Bellevue

State: Washington

Store: Eastgate Headquarters


What's cool about this job

As the 3rd Party Cybersecurity Risk Analyst, you will be accountable for identifying, analyzing, and monitoring information security risks for all Co-op technology vendors. You will review and assess each vendor’s information security posture, ensuring proper due diligence in selecting the 3rd party from a cybersecurity standpoint. As part of a cross-functional enterprise security risk management team, you will identify risks associated with each 3rd party and report a final risk rating to internal business and technical stakeholders. You will design and implement a system to track all 3rd party risks in a central database or risk management system, and provide recommendations to reduce risk to the business and 3rd party in a timely and actionable manner. You will identify and communicate security risks to both business and risk management audiences, and conduct annual reassessments as needed. The 3rd Party Cybersecurity Risk Analyst will work with Privacy, Compliance, Cybersecurity, Business Owners, and their IT Partners to as part of an internal service model that allows the business to track, manage, and mitigate key information security risks and maintain alignment with the Co-op’s overall cybersecurity threat management strategy. This is not an operational security role.


Responsibilities:
  • Ensure third party controls meet regulatory and organization cybersecurity standards.
  • Identify and track internal ownership of 3rd party cybersecurity risks.
  • Track vendor security controls needed to mitigate risk and status of risk remediations and work with 3rd party or internal relationship managers to improve 3rd party controls.
  • Remain informed about the latest security and technology trends to determine potential cybersecurity risks posed by utilizing various vendor services.
  • Partner with Strategic Sourcing and Legal to track contracts that outline the security responsibilities for all 3rd parties.
  • Work with Legal to validate security requirements outlined in vendor contracts.
  • Conduct ongoing monitoring of the 3rd party security posture and performance.
  • Create and communicate documentation and reports that demonstrate accountability and enable continuous monitoring of 3rd party cybersecurity risks.
  • Identify and track internal risk and relationship owners for all 3rd party technology vendors.

Third-Party Cybersecurity Risk Analyst must:

  • Execute assigned tasks and responsibilities while ensuring timely completion and a professional work product.
  • Demonstrate an ability to work independently while representing the services of the department with the highest level of professionalism.
  • Identify opportunities to create additional value for internal customers and partners through continuous improvement.

Bring your passion and expertise

  • Bachelor's degree, or equivalent work experience
  • 3-5 years of applicable work experience, including 3rd party/vendor risk management and/or cybersecurity risk management or compliance
  • Excellent verbal and written communication skills
  • Excellent organizational and program management skills

Why you'll love it here

We’re a passionate community of people who believe in one simple truth: an outdoor life is a life well-lived. REI is a co-op, born in the mountains of the Pacific Northwest in 1938. We’re here to help our over 6 million active members have amazing experiences outside—and do the same ourselves. Bring your creativity, customer focus and enthusiasm for living life outdoors—we can’t wait to meet you!

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.