Your Role and Responsibilities Supplier Risk Assessor is an important role in ensuring Supplier Management stays compliant with regulations and security frameworks. The world is focused on Supply Chain Security due to recent incidents reported in the news. The processes and controls we implement in Cloud must meet the requirements from ever-increasing regulatory requirements, security framework requirements and industry-specific requirements. As we continue to expand our global footprint and expand into additional Regulated Cloud offerings for specific highly regulated industries, there is a need to focus across the requirements and implement operational controls that meet all the requirements to maximize efficiency, consistency, and audit readiness.
Responsibilities:
Facilitate Supplier risk management activities leveraging internal IBM policies, procedures, tools, and resources as a management lifecycle.
Ensure IBM Cloud stakeholders and Suppliers complete required self-assessments & questionnaires.
Conduct risk assessments, Supplier risk analysis, Supplier criticality, and understanding of Supplier security posture.
Identify potential attack vectors in the IBM Cloud supply chain and develop risk mitigation strategies to reduce the risk exposure to the IBM enterprise.
Track and report Supplier criticality and risks through assessment and ongoing (continuous monitoring) activities
Represent IBM Cloud in discussions with Cloud stakeholders, Clients and Suppliers
Develop and implement policies and procedures to improve supplier risk management capabilities of the Supplier Management Office
Support IBM Cloud Stakeholders and Suppliers in meeting regulatory requirements as determined by operating environments, contractual obligations, governmental organizations, and regulatory bodies globally.
Ensure applicable requirements and regulatory compliance are documented and managed for IBM Cloud Suppliers
Educate and advise IBM Cloud stakeholders, Clients and Suppliers on risk management strategies and promote process efficiencies through automation and tool integration.
Act in compliance with all relevant IBM business conduct guidelines and client driven processes
Assist in the creation of solutions that balance business requirements with IBM Cloud security requirements.
Communicate, interact and negotiate with IBM stakeholders, Clients and Suppliers through all levels of the organization globally.
Required Technical and Professional Expertise
Minimum of 5 years related work experience in translating IT or IT Security regulatory requirements into business requirements and at least 2 years hands-on experience with Supplier Risk Assessments.
Proficiency in understanding IT environments, to include cloud, hosting, co-location, and enterprise
Proven ability to lead and organize multi-disciplinary projects and initiatives in a fast-paced and deadline-oriented business environment with broad impact.
Proven ability to pivot with agility and flexibility.
Proven ability to define project scope, identify dependencies and resource requirements, analyze risks and define milestones and activities.
Exceptional attentional to detail.
Proven analytical skills to normalize supplier management requirements from numerous sources and provide guidance on tools and process to implement to maintain compliance while focused on efficiency and automation.
Deep knowledge of NIST/FedRAMP Moderate/High and working knowledge of Regulatory requirements or Security Frameworks and Supplier Management requirements in an industry and in an IT environment is a plus.
Preferred Technical and Professional Expertise
Maintain relevant industry certification(s) in cybersecurity and/or risk management
Working knowledge of Cloud offerings and Services
Bachelor’s Degree in relevant field or maintain Industry Certification (CISA, CISSP, CISM, CRSC)
Excellent English written and verbal communication