Vendor Risk Management Analyst (Raipur)

05 Apr | Bee Talent Solutions | Raipur

The Vendor Risk Management Analyst supports the client's Organizational Risk, Resilience, Compliance and Audit (ORRCA) team by executing the vendor and partner risk management program. This role conducts third-party risk assessments, reviews control environments, and monitors ongoing risk across vendors that support the client's operations.

The Analyst evaluates privacy, security, compliance, operational, and financial risk against global requirements, including GDPR, PIPEDA, and U.S. and UK/EMEA privacy laws. This role documents findings, communicates risk clearly, and partners with stakeholders to drive remediation and reduce third-party risk.

Responsibilities

- Own end-to-end third-party risk assessments for new and existing vendors by applying a risk-based framework aligned to ORRCA standards and global regulatory requirements.
- Review and evaluate control documentation, including SOC 1 and SOC 2 Type II reports, penetration test summaries, ISO 27001 certifications, Shared Assessments SIG and CAIQ questionnaires, policies, and other due diligence materials.
- Identify and assess privacy, security, operational, compliance, financial, and resilience risks against frameworks such as NIST Cybersecurity Framework, NIST AI Risk Management Framework, ISO 27001, and PCI DSS, and applicable global privacy laws.
- Document risk findings, assign risk ratings, and develop remediation recommendations in partnership with vendors and internal stakeholders.
- Lead risk review meetings with business owners and third parties to communicate findings, track remediation, and drive timely risk resolution.
- Provide risk input to Legal and Procurement during contract review by identifying required security, privacy, and compliance provisions.
- Perform ongoing monitoring of vendor risk by conducting periodic reassessments, tracking issues, and reporting risk status and trends to ORRCA leadership.

Requirements:
- Bachelor's degree in risk management, compliance, business, or a related field; or equivalent practical experience.
- 3–5 years of experience in vendor risk management, third-party risk, audit, compliance, or a related discipline.
- Experience conducting end-to-end risk assessments using established frameworks and reviewing control documentation such as SOC 1 and SOC 2 Type II reports, penetration test summaries, ISO 27001 certifications, and Shared Assessments SIG or CAIQ questionnaires.
- Working knowledge of global privacy regulations, including GDPR, PIPEDA, U.S. privacy laws, and UK and EMEA data protection requirements.
- Working knowledge of security and risk frameworks such as NIST Cybersecurity Framework, NIST AI Risk Management Framework, ISO 27001, and PCI DSS.
- Solid analytical skills with the ability to assess risk, evaluate control effectiveness, and recommend remediation within defined standards.
- Ability to explain risk findings clearly to technical and non-technical stakeholders.
- Candidate must reside in India.
- Ability to work flexible hours to support global business needs, including collaboration across India and U.S. time zones.
