Senior Security Analyst
DRG Professional Services is currently seeking a Sr. Security Analyst - Vendor Management to work for a well known client in downtown Oklahoma City.
The Sr. Security Analyst will provide support for Cybersecurity Team Initiatives by creating a framework to identify all vendors that have access to confidential information or systems and review their access, controls, and contractual terms. This includes a general management of all Cybersecurity partners implementing Security Scorecard process/tool for all.
Define, document and implement processes and communications for onboarding partners, including Non-Disclosure Agreements (NDA), Contracts, Contract Reviews and Technical reviews
Monitor performance parameters (Service Level Agreements (SLA) and other metrics) and guiding principles for partners’ delivery of security solutions products and/or services in support of business goals
Set up requirements and framework to manage Quarterly Business Review (QBR) process for key partners
Conduct relevant research, data analysis, and create reports
Identify and implement tools/process to monitor/measure partner risks from the Cybersecurity perspective
Create and implement framework to govern all vendor partners. This includes:
* Required documentation (e.g. NDA, Contracts)
* Contract & Technical Reviews
* SLA/Metric Reporting & Monitoring (Cybersecurity Partners)
* QBRs (Cybersecurity Partners)
Establish standards and guidelines for vendors; monitoring vendors to ensure these policies are being followed
Recommend process and/or tools for implementing a security scorecard for all of Sonic’s partners (not limited to Cybersecurity)
Upon approval, implement processes and tools security scorecard for the company
Work with the Data Protection and Privacy team to identify areas where Vendors may have access to or control of Data belonging to company and ensure that in such cases controls are implemented and tested with all third parties.
Build Vendor off-boarding plans to ensure appropriate assets are recovered and eliminated from all Vendors.
Cultivate and maintain relationships with Cybersecurity vendors by communicating with them frequently to answer questions and check their satisfaction levels.
- Bachelor's degree preferred and/or combination or prior work experience in the field of information security and/or vendor management
- Four (4) years related experience in an information security focused role with exposure to enterprise environments and practices or similar experience in an IT/technical field.
- Experience managing overall governance of all Cybersecurity vendor partners operating in Cybersecurity or IT
- Experience with vendor scorecards; prefer experience with Cybersecurity scorecards
- Prior Quick Service Restaurant experience, a plus
- Preferred Certifications CISSP, CCNA, CISM, CISA and/or combination of education and professional experience
- Familiar with generally accepted information security practices and regulations, such as NIST, ISO 27001, PCI, and SOX
- Strong analytical skills, detail orientated
- Strong customer service skills
- Must be self-motivated and driven to create from little or nothing
- Quick to learn new systems and products
- Experience with large-scale organizational change efforts
- Able to work effectively at all levels in an organization
The Company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, genetic information or any other characteristic protected by law.