Vendor Risk Analyst

Company: University of Minnesota
Location: Saint Paul
Posted on: March 16, 2023

Job Description:

Apply for JobJob ID354211
LocationTwin Cities
Job FamilyInformation Technology
Full/Part TimeFull-Time
Regular/TemporaryRegular
Job Code9703SG
Employee ClassAcad Prof and Admin
Add to Favorite JobsEmail this JobAbout the Job


Salary Range: $100,000 - $115,000*Please note, this position is not eligible for H-1B or Green Card sponsorship.

At the University of Minnesota, we are dedicated to changing lives through education, research, and outreach. The University Information Security department (UIS) offers an environment of trust, collaboration, and mission-focused work. We seek an individual who will be a subject matter expert, responsible for performing, and expanding information security reviews of third parties that collect, manage or access University data, during initial procurement and periodically throughout the contract lifecycle. This individual will also be responsible for ensuring that reviews are in alignment with potential risk, and issues identified through vendor reviews are resolved and that agreed-upon controls remain in place.

We Offer:

• University paid contribution (10% of your salary) to your retirement account - vested immediately.
• 22 paid vacation days per year, in addition to sick leave and 11 paid holidays.
• Reduced tuition opportunities covering 75% - 100% of eligible tuition.
• Excellent and affordable health care benefits.
• Wellness program with the opportunity to earn lower health care rates.
• Free disability insurance.
• Annual merit increase program.
  Job Responsibilities:
  • Direct and scale the security review process to ensure alignment with potential risk and compliance needs
  • Provide security review guidance to other team members and/or vendor partners
  • Conduct security reviews of third parties in a timely manner, through defined processes and tools, identifying risks where controls don't measure up to University information security requirements.
  • Drive remediation of risks related to completed third party security reviews.
  • Facilitate the vendor management process by working with other information security staff to evaluate vendor risks, coordinating communication with the risk owner and vendor, and ensuring proper approval of risk exceptions if necessary.
  • Participate in Request for Proposal (RFP) / Request for Information (RFI) process.
  • Develop vendor assessment and tracking processes and procedures using the University Governance Risk and Compliance (GRC) tool.
  • Escalate security issues where appropriate.
  • Collaborate and consult with a variety of faculty/staff across the University, including the vendor relationship owner, privacy office, purchasing, and general counsel office during the evaluation of potential vendors and during contract renewal for existing vendors.
  • Ensure review processes are properly defined and formally documented for consistent execution.
  • Identify opportunities for process improvements to deliver increased operational efficiency.
  • Maintain strong knowledge of security-related regulations and standards (e.g. HIPAA, PCI DSS, and NIST) and security control structures (e.g. ISO 27001/27002).
    Qualifications
    
    
    *Please document qualifications on resume
    Required Qualifications:
    • Bachelor's degree and 4 years of relevant work experience or a comparable combination of education, training, and experience.
    • Strong analytical and problem-solving skills.
    • Demonstrated experience in one or more of the following:
    • Regulatory compliance
    • Information security risk assessment
    • Third-party vendor review
    • Information technology audit
    • Knowledge of diverse IT architectures and enterprise IT data centers, external hosted services, and cloud computing environments.
    • Demonstrated process improvement and/or process design experience
    • Excellent communication (oral, written, presentation), interpersonal, and consultative skills.
      About the Department
      
      
      Office of Information Technology:Interested in a career with one of the nation's largest universities? The University of Minnesota is an institution dedicated to changing lives through research, education, and outreach. The Office of Information Technology (OIT) - the University's central IT department - works to support and advance this mission and to support overall academic advancement. Our dedicated IT professionals connect students, faculty, and staff with innovative services to meet their teaching, learning, research, and administrative needs. The Office of Information Technology offers an environment of trust, collaboration, and mission-focused work. Join us and support innovation and engagement through technology!
      How To Apply
      
      
      Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions. You will be given the opportunity to complete an online application for the position and attach a cover letter and resume.Additional documents may be attached after application by accessing your "My Job Applications" page and uploading documents in the "My Cover Letters and Attachments" section.To request an accommodation during the application process, please e-mail employ@umn.edu or call (612) 624-UOHR (8647).
      Diversity
      
      
      The University recognizes and values the importance of diversity and inclusion in enriching the employment experience of its employees and in supporting the academic mission. The University is committed to attracting and retaining employees with varying identities and backgrounds.The University of Minnesota provides equal access to and opportunity in its programs, facilities, and employment without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. To learn more about diversity at the U: http://diversity.umn.edu.
      Employment Requirements
      
      
      Any offer of employment is contingent upon the successful completion of a background check. Our presumption is that prospective employees are eligible to work here. Criminal convictions do not automatically disqualify finalists from employment.
      
      Please note: All employees at the University of Minnesota are required to comply with the University's Administrative Policy: COVID-19 Vaccination and Safety Protocol by either providing proof of being fully vaccinated on their first day of employment, or complete a request for an exemption for medical exemption or religious reasons. To learn more please visit:
      About the U of M
      
      
      The University of Minnesota, Twin Cities (UMTC)The University of Minnesota, Twin Cities (UMTC), is among the largest public research universities in the country, offering undergraduate, graduate, and professional students a multitude of opportunities for study and research. Located at the heart of one of the nation's most vibrant, diverse metropolitan communities, students on the campuses in Minneapolis and St. Paul benefit from extensive partnerships with world-renowned health centers, international corporations, government agencies, and arts, nonprofit, and public service organizations.
      

Keywords: University of Minnesota, St. Paul , Vendor Risk Analyst, Professions , Saint Paul, Minnesota