Privacy & TPRM Analyst, India

Vultr
Washington, US
Remote
Career-pivot friendly

Why this role

  • Pace: Steady
  • Collaboration: High
  • Autonomy: Medium
  • Decision Impact: Team
  • Role Level: Individual Contributor
  • Career Pivot Friendly: Welcomes transferable skills

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • effective risk mitigation
  • compliance with regulations

Typical background

  • IT/Security Compliance
  • Privacy Management

Transferable backgrounds

  • Coming from compliance
  • Coming from risk management

Skills & requirements

Required

  • Third-party Risk Management
  • Privacy Assessments
  • Vendor Risk Assessments
  • Compliance

Preferred

  • Ticket Management
  • GRC Platforms

Stack & domain

Jira, AuditBoard, Drata, Security Scorecard, GRC Platforms, Swift Formatting, Communication, Teamwork, Time Management, Privacy, Risk Management, IT Security

About the role

Original posting from Vultr

Join Vultr

Vultr is seeking a highly skilled and experienced Privacy and Third-Party Risk Management (TPRM) Analyst to conduct vendor risk assessments, lead regional consent management projects, and collaborate closely with various stakeholders to support global TPRM and its processes. The ideal candidate has three years of experience in consent management, privacy assessments, and conducting third-party risk assessments to identify, document, and mitigate potential risks. This is a highly visible role in a high-growth technology company, which will require comprehensive understanding of ticket management and GRC platforms (Jira, AuditBoard, Drata, Security Scorecard, etc.) to track and prioritize incoming vendor risk assessment requests. This is your opportunity to join our fast-growing team and leave your mark on Vultr and the future of Cloud Infrastructure.

Key Responsibilities

  • Conduct vendor Business Impact Analysis (BIA) and Data Privacy assessments.
  • Complete third-party risk assessments for all new vendors.
  • Ensure third-party risk assessments include an in-depth Business Impact Analysis (BIA) and Data Protection Impact Assessment (DPIA), supporting BCP/DR and Privacy programs.
  • Continually reevaluate vendors based on their criticality level to identify/document any changes that may impact Constant's risk exposure, data privacy, mitigation strategies, etc.
  • Coordinate the collection of required security assessment artifacts (e.g., audit reports, privacy policies, compliance documentation, incident response plan, disaster recovery/business continuity plans, etc.) from (new and existing) vendors periodically.
  • Prioritize assessments that require technical reviews/PoC to Security Engineering.
  • Prepare and monitor the status of each vendor risk assessment (software, data center, etc.) and communicate the status with key stakeholders regularly.
  • Update and document due diligence tracking with real-time status and escalate issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items).
  • Own and update control evidence related to TPRM to ensure readiness for internal assessments and external audits.
  • Document program processes and procedures to ensure all updates to the TPRM program are captured and accessible to relevant parties.
  • Support the sales department in completing customer TPRM questionnaires and being the point of contact for security, governance and IT-related inquiries as needed.
  • Answering queries on global data privacy processing and protection requirements from internal stakeholders.
  • Escalating any potential data breaches for investigation and resolution.
  • Creating and maintaining documentation, privacy notices, privacy statements, SOPs, work instructions and guidance notes in cooperation with Legal, SecOps, GRC, Trust & Safety and other teams.
  • Assist in the continued development and maintenance of a comprehensive privacy program which minimizes risk and maintains the confidentiality of personal information of customers, employees and other applicable company data.
  • Preparing reports on regulatory compliance as needed.

Qualifications

  • Minimum of 3-5 years of work experience in IT/Security Compliance/Audit function (or equivalent).
  • Educational Qualification: Bachelor's degree or equivalent experience.
  • Proven experience in compliance, privacy, risk, business continuity, and/or IT security program management.
  • Excellent written communications to internal and external audiences, including senior leadership.
  • Experience collaborating with cross-functional teams, including legal, procurement, engineering, infrastructure, security, suppliers, etc.
  • Ability to succeed in a team environment or work as an individual contributor.
  • Familiarity with the security and compliance standards/regulations, specifically SOC 2, ISO 27001, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, DPDPA, GDPR, PCI DSS and HIPAA.
  • Understanding of concepts related to information security domains such as Cloud Computing, Data Privacy, Physical Security, Identity and Access Management, Encryption, Vulnerability Management, Incident Response, etc.
  • Applicants must have work authorization that does not require sponsorship from the company now or in the future.
  • Experience with Supplier Life Cycle Management - Vendor Contracting Process and Third-Party Risk Management Programs for Cloud providers.
  • Must be able to collaborate in US time zones.
  • Must be able to start employment within 45 days of offer of employment.
  • Self-starter and requires minimal direction from leadership.
  • Methodical and diligent with outstanding planning abilities.
  • Able to meet deadlines and handle multiple priorities.
  • Strong ability to negotiate with business partners to attain successful outcomes.
  • Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget, and on time.
  • Ability to present and effectively communicate with

Source: Vultr careers
