Information Security Risk Manager

**The Opportunity**:We are looking for an experienced **Information Security Risk Manager** to join our team. In this role, you will be responsible for managing the information security risk management program including risk assessments of third-party vendors and suppliers to ensure compliance with the company’s security policies, standards, and industry regulations. You will work closely with internal stakeholders and external vendors to assess, mitigate, and monitor risks associated with third-party risks associated with our business and technical relationships, ensuring the protection of sensitive data and company assets.**Key Responsibilities**:- ** Third-Party Risk Assessments**:- Lead and conduct thorough security assessments of vendors and suppliers to evaluate their information security posture and practices.- Assess third-party compliance with the company’s security requirements and industry standards (e.g., ISO 27001, SOC 2, NIST, GDPR, HIPAA).- Review and analyze security questionnaires, audit reports, and vendor responses to identify risks and gaps.- ** Risk Mitigation and Remediation**:- Identify, document, and prioritize security risks associated with third-party vendors and suppliers.- Work with vendors to develop action plans and remediation strategies to address security gaps or vulnerabilities.- Monitor and track the implementation of corrective actions to ensure timely resolution.- ** Vendor Management and Collaboration**:- Collaborate with procurement, legal, and vendor management teams to integrate security requirements into vendor contracts and service-level agreements (SLAs).- Ensure that security and compliance requirements are included in vendor contracts, and that vendors meet agreed-upon security standards throughout the engagement lifecycle.- ** Compliance Monitoring**:- Monitor and track the ongoing compliance of vendors with the company’s security policies and industry regulations.- Provide regular updates and reports to senior management on the status of third-party security risks and compliance.- Stay current on changes in security regulations and standards and ensure third-party compliance with evolving legal and regulatory requirements.- ** Security Audits and Documentation**:- Manage and perform security assessments of third-party vendors and suppliers to validate their security posture and controls.- Maintain comprehensive records of risk assessments, vendor assessments, audit findings, and corrective actions taken.- ** Continuous Improvement**:- Develop and refine third-party risk management processes, tools, and templates to streamline assessments and improve efficiency.- Stay informed on emerging security threats and trends to proactively address new risks posed by third-party vendors.- ** Training and Awareness**:- Educate internal teams on third-party risk management best practices and ensure alignment with overall security objectives.- Provide guidance and support to vendors as needed to improve their security posture.**Qualifications**:- ** Education**:- Bachelor’s degree in Information Security, Information Technology, Business Administration, or a related field. A Master’s degree is a plus.- ** Experience**:- 4+ years of experience in information security, with a focus on third-party risk management, vendor risk assessments, or related fields.- Demonstrated experience in assessing and managing third-party security risks and compliance requirements.- Familiarity with industry standards and frameworks such as ISO 27001, NIST, SOC 2, GDPR, and HIPAA.- ** Certifications**:- Certifications such as CISSP, CISM, CISA, CRISC, or similar security-focused certifications are strongly preferred.- ** Skills**:- Strong analytical skills with the ability to assess complex security risks and develop risk mitigation strategies.- Excellent communication skills, with the ability to work effectively with both technical and non-technical stakeholders.- Proficiency in using risk management tools, frameworks, and security assessment methodologies.- Strong attention to detail and the ability to prioritize tasks effectively.- Ability to influence and collaborate with external vendors to implement security best practices.**Preferred Qualifications**:- Experience in managing third-party risks in regulated industries (e.g., healthcare, finance, or government).- Familiarity with third-party risk management platforms and tools.- Strong project management skills and the ability to handle multiple vendor assessments simultaneously.**Disclaimer**:The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.**Why Avantor?****Dare to go further i