The Supplier Risk and Scope Analyst is accountable for completing initial information security risk and scope reviews for suppliers to determine the inherent risk of a supplier with respect to that supplier’s access to Personally Identifiable Information. This review is completed using an established process developed by Information Security. ____________________________________________________________________________

Specific accountabilities:

•             Coordinate with line of business supplier managers to complete the risk and scope questionnaire and assessment tool.

•             Obtain supplier manager’s agreement on the risk and scope. 

•             Document the results of each risk and scope discussion and conclusion.

•             Alert management to issues such as: non-responsive supplier manager, conflicting conclusions, etc

•             Complete other duties as assigned.

KNOWLEDGE AND SKILLS:

a)            Knowledge:

§             Working knowledge of Information Security risk and IS best practices – 2-3 years of  relevant experience

§             General understanding of a risk based assessment approach.

b)            Skills:

§             Good consulting skills

§             Advanced analytic skills

§             Highly developed communication skills, both verbal and written

§             Demonstrate strong relationship management skills

§             Advanced problem solving skills

§             Solid negotiation/ mediation skills

§             Good Project Management skills

§              Excellent time management skills