Fragomen is seeking a Third-Party Vendor Risk Analyst in our Technology & Innovation Lab in Pittsburgh, PA.
A Fragomen career gives you the opportunity to work with a smart, motivated and diverse peer group. Our exclusive focus on immigration means you will practice in an exciting, ever-changing and challenging environment with people who are passionate about immigration. Working in a collegial, team-oriented environment, Fragomen employees learn from the industry's leading experts. Our firm commitment to quality and best practices is supported by technological innovation that benefits our clients and staff.
Fragomen strongly affirms that the demonstration of data security and privacy is critical to meet our obligations to our clients and is a business distinguisher in this competitive market. A professional, passionate about data privacy and security, who understands how to discover and evaluate risk, particularly within third-party relationships, knowledgeable of the global regulatory landscape, and capable of communicating the firm’s efforts in this area, is what we seek. You will be joining a small team of risk professionals, who will help make data privacy and security a distinguishing factor in our technological offerings. A successful candidate will demonstrate these competencies, have strong organizational skills to orchestrate a large volume of third-party relationships and excellent communication skills to communicate our security and data privacy efforts to our global partners.
The Third-Party Vendor Risk Analyst will work as a member of a small, dedicated Third-Party Vendor Management Team. This team will develop a risk-oriented, third-party vendor evaluation program, including identifying risk with specific vendors, raising them for mitigation or acceptance, and developing findings based on evaluation trends to be address centrally by the Firm, among other capabilities.
Assist in the redesign and implement the core analysis processes associated with a third-party risk management program that identifies and resolves potential risk to the Firms operations.
Conduct data analysis of various sources to identify third party vendors, determine their potential to introduce material risk to the Firm and develop an engagement policy that rates risks on various factors.
Assist in the vendor due diligence process by ensuring security and data privacy requirements are maintain in contractual relationships and continuously monitored.
Steward the relationship owner in the conduct of a risk assessment oriented on security and data privacy standards in order to highlight potential risk and assist in mitigating the risk to acceptable levels.
Identify through the risk assessment process, trends which could be addressed through firm level initiatives.
Collaborate with our Partner teams, Information Security, Information Technology, the Office of Privacy and Audit, and the Office of General Counsel to establish a common understanding of the risk profiles related to our most critical third-party relationships and our clients’ expectations.
Provide metrics on the third-party risk vendor program that demonstrate the level of effort and completeness of this team’s activity.
Current CRISC, CISA, CISM preferred. CIA and/or CISSP is a plus.
Total of 7 years of experience or more in the compliance field based on work history and/or education.
Demonstrated knowledge of Data Privacy and Information Security regulatory landscape and trends in third party vendor requirements.
Strong understanding of security certifications such as SOC2, PCI, and ISO27000 series requirements.
Knowledge of IT auditing principles.
Working knowledge of any industry GRC tool such as Archer, MetricStream, Riskonnect, etc., a plus.
Fragomen is the leading firm dedicated exclusively to immigration services worldwide. Our more than 50 offices and over 3,750 employees are strategically located in key commercial centers throughout the Americas, Europe, Asia Pacific, the Middle East and Africa. This expansive reach allows us to provide services in more than 170 countries.