Cyber Security Third Party Risk Analyst-1

The Third-Party Security Risk Analyst will be responsible for executing and maintaining DXC’s global Cyber Security Third-Party Risk Management program. They will work daily with Supply Chain Management, Legal, Privacy, Sales and other business functions to assess vendors’ information security posture, identify compliance concerns, document information security risk and work with the business on risk mitigation plans. The Risk Analyst will be working with the business and technical organizations globally across multiple geographies and industries. They must be a team player and leader that has a history of risk management, is extremely effective at communicating information security controls with the business and working collaboratively across a matrixed organization resulting in the reduction of information security risk for the company. This position will be responsible for accurately capturing, communicating, and managing the risk posture of the organization. Experience and knowledge of working with both qualitative and quantitative risk methodologies is highly preferred.

**Detailed Responsibilities**:

- Fulfill the role of Third-Party Risk Management Information Security Subject Matter Expert.
- Quickly triage vendors and other third-parties in accordance with DXC information security policies and industry best practices.
- Carry out information security risk assessments of vendors and the services they provide.
- Provide contract support and consultancy with respect to both DXC contract wording and vendor provided contracts and/or terms and conditions.
- Meet regularly with internal customers (colleagues) and vendors’ representatives in order to support reviews, assessments, recommendations, and remediation activities.
- Assist the business with the formulation of risk mitigation plans.
- Maintain a record of all interactions within DXC’s established vendor risk management platform.
- Build and establish good working relationships and to become a trusted information security risk partner.
- Actively manage open risks, issues, queues with reference to service levels and/or due dates.
- Escalate problems or issues to management where necessary.
- Recommend improvements to Third Party Risk Management process, procedure, documentation, and platform.
- Work with other DXC Risk teams to ensure alignment and consistency of approach in order to identify, manage, and reduce risk.
- Work flexibly with respect to time management to ensure team availability across the time zones that DXC operate.

**Skills**
- Strong communication and business relationship skills at all levels of the organization.
- Delivery-focused mindset that will be able to work in a fast-paced environment with shifting priorities.
- Knowledge of a wide variety of information security concepts, services, and technologies.
- Maintains a solid understanding of information security risk, controls mapping, and business processes.
- GRC Tool management (ServiceNow, Archer or similar system).
- Possess familiarity with information security policies and standards.
- Able to act independently when making technical or business decisions.

**Education and Experience**
- 5+ years of relevant experience desired.
- Minimum 3 years of experience conducting risk assessments using risk and control frameworks including ISO, NIST or other industry standard.
- Demonstrated work history on enterprise-wide projects or initiatives with global scope.
- Professional security certification or qualification such as CTPRP, CISA, CRISC, CISM, CISSP or relevant related experience preferred.