Description:
Lead the day-to-day operation of the Cohesity Vendor Trust process: assessing new suppliers, assessing engagement risk, performing due diligence, and maintaining accurate, auditable records of all engagements and related risks.
Key Responsibilities/Objectives
- Lead vendor trust management lifecycle.
- Ongoing new vendor due diligence and refresh of vendor reviews/due diligence of existing vendor inventory.
- Collaborate and build cross-functional partnerships with Procurement, Information Security, Legal, vendors and business functions.
- Support the Cohesity security and risk programs and remain in compliance with applicable regulations.
- Lead all daily operations related to vendor risk management.
- Maintain and evolve vendor trust policies, processes, procedures and controls.
- Manage and improve metrics and reporting for vendor risk management.
- Support evaluation, selection, implementation, and operationalization of all vendor solutions in support of Cohesity business.
- Stay informed about the latest developments in the vendor risk management field.
- Support contract negotiations with Cohesity vendors.
- Perform additional duties as the need arises.
- Become an expert on the tools used by Cohesity on vendor trust and risk management.
Experience
Related experience in one or more of the following areas:
- Risk management, Compliance and/or auditing
- Vendor Security Risk Management
- Corporate law/contracting
- Enterprise governance
- Information Security
- Software development (networking, coding, hardening, quality control, etc.).
Education
Relevant degree in Business Administration, Public Policy, Contract Management, Sourcing, Information Technology, Information Security, Data protection, Legal Studies, Risk Management, Regulatory Compliance, Audit, Computing or a related field required.
Skills
- Strong curiosity about information security.
- Strong curiosity about gaining familiarity with common information security management frameworks, such as ISO, SOC and NIST.
- Phenomenal interpersonal skills, in person, on video conference, calls, presentations and text.
- Organized and task-oriented; must stay on top of tracking deadlines that are due or coming due.
- Detail-oriented; risk-related work must be recorded in a clear and auditable manner, and tools and processes must be kept up to date with accurate information.
- Must be able to work independently and be comfortable reaching out for support.
- Team and company success mindset.