
Supplier Risk Management (SRM) Analyst - IBM CISO

Expired Job

IBM Corporation Research Triangle Park, NC 27709

Posted 2 months ago

Job Description:

Position: Supplier Risk Management (SRM) Analyst

Location: Must be able to work onsite in Raleigh, NC or Herndon, VA (Relocation assistance not provided)

The Supplier Risk Management (SRM) Analyst is responsible for supporting the activities related to IBM's Third-Party Risk Management program, responsible for implementing and executing VRM (Vendor Risk Management) across IBM. The goal is to ensure business owners understand and engage the SRM process, and monitor their respective suppliers' strategic fit, risk management controls, data security, potential changes, compliance with regulatory requirements, and alignment of priorities. The analyst must identify and communicate to the business the associated risks of supplier-provided processes and services in support of operations ranging from low-risk to critical suppliers.

Job Responsibilities:

  • Support the TPRM Program to effectively manage supplier risk in accordance with internal policy and regulatory requirements, ensure strong oversight of all supplier risks and provide visibility of existing and emerging risks.

  • Perform initial and periodic risk assessments, and other necessary reviews, to identify, measure and manage third party risks.

  • Effectively utilize available evidence including SOC 2 Type 2 reports, ISO 27001 framework certifications, questionnaires, shared intelligence reports such as SIG, commercially available scorecards, etc. to perform risk assessments.

  • Identify, categorize and evaluate potential or current service providers as "critical" or "non-critical", using a "Risk-Based Standard"; deliver to the company leadership a risk-based ranking of business processes and services which are provided by an independent third party.

  • Based upon risk classification, complete analysis of risk factors for IBM suppliers (including any subcontractors with access to IBM data) and ensure the respective business owners are monitoring, reviewing, and mitigating risk associated with service providers using risk factors identified in pertinent IBM standards; for example: Regulatory Compliance, Legal, Financial Stability, Reputation, Operational, Business Continuity/Disaster Recovery, and Information Security.

  • Provide dedicated support, integrated with the IBM Procurement system, to the onboarding and oversight of all new and existing third-party supplier relationships.

  • Develop, or assist in the enhancement of, the due diligence process to review the control effectiveness of each applicable risk, new and existing.

  • Partner and coordinate closely with internal stakeholder areas (i.e. Business units, Corporate Information Security, Procurement, Internal Audit, Legal, etc.) to facilitate and assess third party relationships.

  • Develop, or assist in the enhancement of, oversight activities for all new and existing third-party relationships.

  • Maintain accountability for accuracy and completeness within the TPRM's system of record.

  • Assist with regulatory, internal or other third-party audit requests.

  • Prepare regular reporting on vendor risk exposure for all related TPRM activities, and prepare other reports upon request.

  • Communicate to business units and cross-functional teams regarding significant third-party events and escalate to senior management, when applicable.

  • Contribute within highly collaborative team discussions to support ongoing program enhancements while promoting a positive and energetic agile team culture.

  • Complete risk analysis from on-site assessment data, with the assistance of the business and Internal Audit, for critical suppliers.

  • Working with the appropriate business users and experts, ensure that for any identified risk that requires mitigating action, including vendor disengagement/replacement, a plan is developed and executed.

  • Maintain established relationships with the Business Unit and applicable stakeholders to ensure proper execution and compliance with TPRM standards, policies, and procedures.

  • Act as a subject matter expert to assist the business in identifying and mitigating risks on their supplier relationships.

  • Promote supplier risk awareness to IBM Business Units and stakeholders.

General Skills:

  • Analytical and conceptual thinking using logic and reason, creative and strategic

  • Attention to detail, consistency, dependability.

  • Ability to multi-task and prioritize competing deliverables.

  • Communication skills: interpersonal, presentation, verbal clarity, and written

  • Influencing and negotiation skills

  • Problem solving

  • Resource management

  • Able to work independently

  • Skilled in the use of workstation software, i.e. MS Office, web apps, etc.

Required Education

Bachelor's Degree

Employment Type


Preferred Education

Bachelor's Degree


Similar Jobs

Cybersecurity Vulnerability Analyst IBM CISO

IBM Corporation

Posted 4 days ago

Job Description:

The IBM Global Chief Information Security Organization (IBM CISO) is seeking a highly self-motivated leader who is passionate about security and vulnerability management to join the dynamic IBM CISO Vulnerability Management (VM) team.

YOUR ROLE

The Cybersecurity Vulnerability Analyst will implement and enhance IBM's vulnerability management policies, standards, and processes including existing PSIRT (Product Security Incident Response Team). This role is a part of an exciting fast-paced corporate security team. Security is one of IBM's critical pillars and the position offers great visibility. In this role, you will be part of a fast-paced Agile team collaborating closely with IBM CISO VM solution engineers to drive solutions and proper vulnerability management across all business units to reduce risk to IBM and customers. Successful candidates will be innovative thinkers and possess out-of-the-box thinking to improve effectiveness of security teams in an ever-changing environment.

YOUR RESPONSIBILITIES

  • Define and document IBM Vulnerability Management policies, standards, and processes

  • Manage real-time security vulnerabilities, conduct assessments, and assess vulnerability risk and impact

  • Lead and coordinate cross-functional teams to handle urgent security vulnerability events

  • Work with third-parties that report vulnerabilities and coordinate resolution

  • Identify, Assess, and Validate vulnerabilities with strong technical understanding of security vulnerabilities to assess impact

  • Manage and drive IBM asset owners to remediate their vulnerabilities within remediation timelines, determine deviations, and escalate when needed

  • Communicate, create, and report vulnerability status and metrics to IBM Executives and Business Unit BISOs stakeholders at all levels

  • Gather user requirements and influence design, development, enhancements of VM tools

  • Drive user community adoption of Vulnerability Management tools and provide support

  • Research information security trends, standards and practices to enhance vulnerability management

YOUR ABILITIES & SKILLS

  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

  • Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.

  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

  • Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems; conducting application vulnerability assessments and performing impact/risk assessments.

  • Ability to develop insights about the context of an organization's threat environment

No remote opportunities exist - Must be able to work onsite in Raleigh, NC

Must have the ability to work in the US without current/future need for IBM sponsorship

Your life at IBM

Impact. Inclusion. Infinence. Together, these themes provide the foundation of the experiences of all IBMers, and represent the value inherent in a career with IBM. Our work is truly life changing - from helping to cure diseases, predict weather, to cleaning oceans and beyond. Our culture of openness, collaboration, trust, invites everyone to have a voice. Careers are made from experiences. At IBM, those experiences can be diverse, unlimited and far-reaching so you can truly discover your true passion – without ever changing the company.

Required Education

Bachelor's Degree

Employment Type

Full-Time

Preferred Education

None

IBM Corporation Research Triangle Park NC
