About the Role

This role is instrumental in mitigating the cyber risk posed by third-party vendors, safeguarding S&P Global's brands and information assets from potential attacks originating through our vendor network. Key responsibilities include conducting comprehensive assessments of vendor Cybersecurity and Business Continuity controls through control risk assessments, risk recertifications, and continuous vendor monitoring. This is a crucial position given the prevalence of data breaches attributed to third parties.

The Team

As a vital part of the Vendor Risk Management function, the Vendor Cyber Risk Management team focuses on managing supply chain cyber risks by performing thorough risk assessments of third-party engagements. This role requires close collaboration with internal stakeholders and external vendors to achieve effective risk reduction and maintain a strong security posture.

Responsibilities and Impact

Working in Vendor Risk Management offers continuous opportunities to refine processes, adapt to evolving regulatory requirements, and expand your knowledge and expertise in a dynamic and challenging environment. In addition to core risk assessment activities, you will actively participate in projects that allow for the demonstration and development of your skills.

Key Responsibilities:

• Conduct in-depth evaluations of vendor cybersecurity, business continuity, and AI for cloud and non-cloud service providers to assess their information security posture.
• Collaborate effectively with internal teams to identify critical vendors and analyze their potential impact on the organization's cyber risk profile.
• Communicate risk assessment findings and actionable recommendations to key stakeholders, including senior management, legal, and compliance teams.
• Work closely with vendors to address identified security gaps and ensure compliance with the organization's cybersecurity standards.
• Review vendors within the continuous monitoring program and support periodic vendor reviews.
• Stay informed about emerging cybersecurity threats and industry trends to enhance the effectiveness of the risk assessment process.
• Support enhancement projects within Vendor Risk Management to align with business and regulatory needs.
• Assist team members in managing workload distribution and handling ad-hoc projects.

What We're Looking For

Basic Required Qualifications:

• Bachelor's degree in Computer Science, Engineering, or equivalent.
• Minimum 3-5 years of experience in Information Security or Technology Risk Management.
• Prior exposure to vendor risk management and/or privacy laws and regulations is a plus.
• Demonstrable understanding of technology and information security control concepts.
• Exposure to cloud technologies and cloud security is highly desired; familiarity with public cloud platforms like AWS, Azure, or GCP is preferred.
• Experience with cyber contract reviews is advantageous.
• Excellent written and oral communication skills are essential for effective collaboration with cross-functional teams and vendors.

Additional Preferred Qualifications:

• Willingness to work UK shifts and flexibility for meetings during US business hours is required.
• Strong organizational skills with the ability to multitask, prioritize, and maintain meticulous attention to detail.
• Proven ability to build strategic partnerships with internal stakeholders.
• A critical thinker with strong qualitative analytical skills.
• Information Security/Risk Management certifications are a plus.