

IT Vendor Risk Analyst

  • Location: Chicago, IL
  • Job Type: Direct Placement
  • Ref No: 23-00234
  • Date: January 13, 2023
  • Pay: $80000.0 - $100000.0 per Hour USD

Job Description - IT Vendor Risk Analyst


Location: Chicago, IL; Kansas City, MO

Compensation Range: $80k - $100k + bonus

A global financial firm is seeking an experienced IT Vendor Risk Analyst to be an integral part of the Security team. The IT Vendor Risk Analyst will help support the day-to-day operations related to the IT Vendor Risk Management Program. You will assist with vendor risk analysis to ensure vendors have the proper cyber and data protection controls to minimize exposure risk to the firm. You will work with a team of security professionals to ensure that the firm's third-party vendors are cyber secure and protecting data in accordance with regulatory and legislative requirements, all with the goal of minimizing the firm's cyber risk exposure. Excellent communication skills are required.


  • Respond to incoming requests for vendor assessment submitted by internal business owners.
  • Analyze and assess initial scope of exposure by meeting with business owners.
  • Coordinate all information and document gathering with vendor point of contact.
  • Review and analyze all vendor submitted evidence and artifacts to determine control posture.
  • Finalize and issue recommendation and net risk score.
  • Work with legal contracts team to assist with finalizing agreement to include appropriate security and data protection language.
  • Tag vendor with appropriate risk tier to determine next reassessment date.
  • Monitor vendors in Security Scorecard for real time monitoring and remediation follow up.
  • Work with vendors to remediate BitSight or Security Scorecard vulnerabilities.
  • Manage VRM lifecycle within the vendor risk management platform.
  • Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
  • Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.
  • Coordinate with legal and compliance functions to ensure proper implementation of data privacy legislation and disclosure.
  • Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
  • Manage tracking of identified findings and actions to closure and reporting to leadership.


  • Bachelor's degree.
  • 2+ years focusing on IT Vendor Risk, preferably within financial services.
  • Strong background in information technology with a clear understanding of the challenges of information security.
  • Relevant experience in the GRC or IT Vendor Risk Management/Assessment space.
  • Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
  • Team player with the ability to work independently.
  • Resourceful, energetic, self-starter, flexible, goal-oriented
  • Strong personal integrity
  • Experience having implemented or worked with OneTrust Vendor Risk Management solution is a plus.
  • Experience with Security Scorecard a plus.
  • Direct experience with regulatory compliance reviews and examinations good to have.
  • Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred but not required.
  • Project and program management skills.
  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
  • Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.

About Infinity Consulting Solutions

At Infinity Consulting Solutions our mission is to cultivate successful long-term relationships with candidates and clients, matching the right candidate with the right client. We believe technology cannot replace the real personal relationships we cultivate. We reject the notion that technology alone is the answer to staffing, which is why our successful partnerships rely on collaboration NOT automation. ICS has been providing flexible staffing solutions for over 20 years in Information Technology, Compliance, Accounting / Finance and Corporate Support. Our staffing solutions include Contract, Temp to Perm and Permanent Placement.

ICS is an Equal Opportunity Employer.

*W2 employees of ICS are offered comprehensive benefits including health, dental and vision.
