Cyber Risk Quantification Analyst

Cyber Risk Quantification Analyst Are you passionate about identifying and managing third-party risks that could impact business continuity, security, or compliance? About the role, the Cyber Risk Quantification Analyst will analyze risks and help operate the enterprise security program, including vendor risk management. This role supports Elsevier’s Information Security and Data Protection (ISDP) program under the Governance, Risk & Compliance (GRC) team. This position is responsible for conducting and maturing vendor security reviews, improving continuous monitoring processes, conducting cyber risk quantification as necessary, and reducing third-party risk exposure. This role supports both operational activities and programmatic improvements aimed at elevating the TPRM program maturity. About the team- This team is looking to double in size, our corporate GRC team (part of the Technology Information Security & Data Protection organization) focuses on ensuring information security standards and regulatory compliance across the enterprise. Requirements • Familiar with the Factor Analysis of Information Risk (FAIR) Framework • Possess current experience in cybersecurity, with at least 3 years in third-party/vendor risk management. • Proficiency with GRC platforms (e.g., SafeOne, OneTrust, AuditBoard). • Understanding of ISO 27001, SOC2, NIST CSF , SIG, and third-party risk assessment frameworks. • Ability to respond to security artifacts, questionnaires, and monitoring data. • Experience with leading or owning key aspects of a TPRM program in a distributed enterprise environment. • Knowledge of vulnerability management, security tiering, and risk remediation. • Familiarity with automation workflows and data quality governance. • CISSP, CISM, CRISC, OpenFAIR or related certification. Responsibilities • Vendor Risk Assessments: Performing end-to-end third-party reviews including intake, documentation validation, tier assignment, findings analysis, follow-up communications, and vendor off-boarding. • Monitoring & Remediation: Reviewing and prioritizing vendor alerts from continuous monitoring tools (e.g., SafeOne). Coordinate with applicable stakeholders and business owners to assign, track, and close remediation actions. • Program Improvement: Leading efforts in updating vendor questionnaires, enhancing tiering logic, and consolidating intake processes across platforms, including impact analysis work sheets, Zip and OneTrust. • Offboarding & Inventory Accuracy: Conducting offboarding verification and data reconciliation with procurement to ensure expired vendors are properly offboarded and archived. • Process Documentation: Mapping vendor onboarding workflows and maintain documentation to support a unified entry point and reduce redundancy. • Stakeholder Support: Acting as a key liaison with all stakeholders, including internal Elsevier and RELX teams, external vendors, and Elsevier customers, as required. • Reporting & Metrics: Maintaining and reporting on status of third-party lifecycle KPIs, KRIs, reassessment tracking, and findings resolution activities. • Additional Risk Management Activities: Leveraging the Elsevier Risk Management policy, processes, standards and procedures to conduct risk–related activities including risk identification, analysis, evaluation, monitoring, and reporting, as required. Elsevier employs 9,500 people worldwide, including over 2,500 technologists. We have supported the work of our research and health partners for more than 140 years. Growing from our roots in publishing, we offer knowledge and valuable analytics that help our users make breakthroughs and drive societal progress. Elsevier is part of RELXa global provider of information-based analytics and decision tools for professional and business customers. Working for you We know that your wellbeing and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer: • Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits • Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan • Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs • Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity • Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits • Health Savings, Health Care, Dependent Care and Commuter Spending Accounts • Up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice - We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Formor please contact 1-855-833-5120. Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here. Please read our Candidate Privacy Policy. We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. USA Job Seekers: EEO Know Your Rights.