Summary
The Vendor Security Oversight Analyst I is responsible for assessing and analyzing the information systems, platforms, operating procedures, and internal controls of vendors that provide services to Resurgent Capital Services to help ensure the protection, confidentiality, and integrity of data that is processed, stored, or shared. This role conducts reviews and makes recommendations to help ensure effective security controls are in place while maintaining adherence to all applicable security standards, procedures, and guidelines. The analyst also prepares reports summarizing assessment observations and shares results with management. This position reports to the Manager of Information Technology Audit and Risk.
Roles & Responsibilities
Conduct information security due diligence assessments for Resurgent's vendors.
Execute assessments in an efficient, timely, and professional manner.
Independently assess new and existing vendors to ensure processes are efficient, accurate, and aligned with relevant security standards.
Conduct staff interviews, review documentation, develop observations, and communicate findings to management and vendors through well-written reports.
Manage follow-up on open risk issues and facilitate agreements with business process owners to ensure the timely closure of action plans.
Perform other external assessment-related duties as assigned or as business needs require.
Skills & Qualifications
One to three years of experience with IT/Security internal controls, specifically related to infrastructure, applications, operating systems, and/or database security, is preferred.
Experience and/or knowledge of IT regulatory requirements and frameworks, including COSO, GLBA, PCI DSS, NIST, CIS, and ISO 27000, is preferred.
Strong professional presence with the ability to represent the organization effectively.
Experience with GRC and/or TPRM platforms, such as ProcessUnity, Archer, or ServiceNow, is a plus.
The ideal candidate will have broad experience across multiple areas of IT.
Excellent verbal and written communication skills are required.
Ability to interact effectively with personnel at all levels of the organization.
Strong analytical, organizational, and problem-solving skills.
Exceptional attention to detail.
Ability to prioritize and manage multiple projects simultaneously.
Ability to apply sound judgment and analytical skills to interpret information, identify potential process breakdowns, and assess their impact.
Punctual, dependable, and accountable.
Ability to work in a high-volume, deadline-driven environment while ensuring compliance with all internal policies and procedures.
Proficiency in a Windows environment, with working knowledge of Microsoft Office products; SQL experience is a plus.
Self-motivated, with the ability to work successfully both independently and within a team environment.
Travel is required up to 25%, domestic only.
CISA, GSNA, CTPRA, or CTPRP certifications are preferred.
Candidates with other recognized industry certifications, such as CompTIA A+, Network+, or Security+, are also encouraged to apply.
Education Requirements
4-year degree preferred.