Position: Supplier Risk Management (SRM) Analyst
Location: Must be able to work onsite in Raleigh, NC or Herndon, VA (Relocation assistance not provided)The Supplier Risk Management (SRM) Analyst is responsible for supporting the activities related to IBM's Third-Party Risk Management program, responsible for implementing and executing VRM (Vendor Risk Management) across IBM. The goal being to ensure business owners understand, engage the SRM process, and monitor their respective suppliers strategic fit, risk management controls, data security, potential changes, compliance with regulatory requirements, and alignment of priorities. The analyst must identify and communicate to business the associated risks of supplier provided processes and services in support of operations ranging from low-risk to critical suppliers.
Support the TPRM Program to effectively manage supplier risk in accordance with internal policy and regulatory requirements, ensure strong oversight of all supplier risks and provide visibility of existing and emerging risks.
Perform initial and periodic risk assessments, and other necessary reviews, to identify, measure and manage third party risks.
Effectively utilize available evidence including SOC 2 Type 2 reports, ISO 27001 framework certifications, questionnaires, shared intelligence reports such as SIG, commercially available scorecards, etc. to perform risk assessments.
Identify, categorize and evaluate "critical" and "Non-critical", using a "Risk-Based Standard", for potential or current service providers; delivering to the company leadership a risk-based ranking of business processes and services which are provided by an independent third party.
Based upon risk classification, complete analysis of risk factors for IBM suppliers (including any subcontractors with access to IBM data) and ensure the respective business owners are monitoring, reviewing, and mitigating risk associated with service providers using risk factors identified in pertinent IBM standards; for example: Regulatory Compliance, Legal, Financial Stability, Reputation, Operational, Business Continuity/Disaster Recovery, and Information Security.
Provide dedicated support, integrated with the IBM Procurement system, to the onboarding and oversight of all new and existing third-party supplier relationships.
Develop, or assist in the enhancement of, the due diligence process to review the control effectiveness of each applicable risk, new and existing.
Partner and coordinate closely with internal stakeholder areas (i.e. Business units, Corporate Information Security, Procurement, Internal Audit, Legal, etc.) to facilitate and assess third party relationships.
Develop, or assist in the enhancement of, oversight activities for all new and existing third-party relationships.
Maintain accountability for accuracy and completeness within the TPRM's system of record.
Assist with regulatory, internal or other third-party audit requests.
Prepare regular reporting on vendor risk exposure for all related TPRM activities, and prepare reports upon other request.
Communicate to business units and cross-functional teams regarding significant third-party events and escalate to senior management, when applicable.
Contribute within highly collaborative team discussions to support ongoing program enhancements while promoting a positive and energetic agile team culture.
Complete risk analysis from on-site assessment data, with the assistance of the business and Internal Audit, for critical suppliers.
Working with the appropriate business users and experts, ensure that for any identified risk that require mitigating action, including vendor disengagement/replacement, a plan is developed and executed.
Maintain established relationships with the Business Unit and applicable stakeholders to ensure proper execution and compliance with TPRM standards, policies, and procedures.
Act as a subject matter expert to assist the business in identifying and mitigating risks on their supplier relationships.
Promote supplier risk awareness to IBM Business Units and stakeholders.
Analytical and conceptual thinking using logic and reason, creative and strategic
Attention to detail, consistency, dependability.
Ability to multi-task and prioritize competing deliverables.
Communication skills interpersonal, presentation, verbal clarity, and written
Influencing and negotiation skills
Able to work independently
Skilled in the use of workstation software, i.e. MS Office, web apps, etc.