Optomi, in partnership with a leader in the Entertainment industry is seeking a Sr. Security Compliance Analyst to join their team! This individual will be responsible for for planning, conducting and reporting on third party assessments including assessment planning, execution, and reporting, and providing quality assurance reviews of assessments conducted by others.

Responsibilities:

• Ability to evaluate the services provided by vendors, timely review vendor performances and risks associated, and develop appropriate responses
• Consistently monitor progress and manage vendor risk, and make certain that key stakeholders are kept informed about progress and expected outcomes; stay abreast of current business and industry trends relevant to the business
• Ability to summarize assessment outcomes, risk level and associated recommendations. Additionally, recommend and implement compliance measures.
• Assist in the third party assessment of outside legal counsel in support of Legal Operation’s mission. Assisting in planning, conducting, and reporting on external law firms and following-up and tracking resolution of agreed-upon finding remediation plans.
• Periodically reach out to vendors and business units regarding current threats to ensure they are taking necessary steps to reduce exposure
• Provide timely advice on security requirements in proposed and existing vendor contracts
• Working with the end to end process, from sending out the questionnaire to completing a review the received package (evidence, documents, and responses)
• Working with GRC tools: Process Unity, Archer, Security scorecard (or similar tools such as BitSight, Blackkite)
• Policy and documentation review

Requirements:

• External audit (e.g., Big Four) and /or internal audit (e.g., Fortune 500)
• 5-7 years of program and project management experience
• 5-7 years of experience in third party risk management or IT vendor management experience
• 4-year degree Computer Science, Risk Management, Information Security and/or equivalent professional experience
• CISA, CISSP or similar certification
• ISO27001 implementor and auditor experience.
• BC / DR (service continuity) experience
• Experience presenting and influencing mid-level executives on IT security and matters