Supplier Risk Assessor

Introduction
At IBM our Project Managers excel by leading and coordinating a project team’s overall performance scope cost and deliverables. Our clients rely on timely and efficient status reports and as Project Manager you will drive the charge with project direction metric definition and performance management. If you are ready to help our clients and project teams succeed we would love to meet you!

Your Role and Responsibilities
Supplier Risk Assessor is an important role in ensuring Supplier Management stays compliant with regulations and security frameworks. The world is focused on Supply Chain Security due to recent incidents reported in the news. The processes and controls we implement in Cloud must meet the requirements from ever-increasing regulatory requirements security framework requirements and industry-specific requirements. As we continue to expand our global footprint and expand into additional Regulated Cloud offerings for specific highly regulated industries there is a need to focus across the requirements and implement operational controls that meet all the requirements to maximize efficiency consistency and audit readiness.

Responsibilities:

• Facilitate Supplier risk management activities leveraging internal IBM policies procedures tools and resources as a management lifecycle.
• Ensure IBM Cloud stakeholders and Suppliers complete required self-assessments & questionnaires.
• Conduct risk assessments Supplier risk analysis Supplier criticality and understanding of Supplier security posture.
• Identify potential attack vectors in the IBM Cloud supply chain and develop risk mitigation strategies to reduce the risk exposure to the IBM enterprise.
• Track and report Supplier criticality and risks through assessment and ongoing (continuous monitoring) activities
• Represent IBM Cloud in discussions with Cloud stakeholders Clients and Suppliers
• Develop and implement policies and procedures to improve supplier risk management capabilities of the Supplier Management Office
• Support IBM Cloud Stakeholders and Suppliers in meeting regulatory requirements as determined by operating environments contractual obligations governmental organizations and regulatory bodies globally.
• Ensure applicable requirements and regulatory compliance are documented and managed for IBM Cloud Suppliers
• Educate and advise IBM Cloud stakeholders Clients and Suppliers on risk management strategies and promote process efficiencies through automation and tool integration.
• Act in compliance with all relevant IBM business conduct guidelines and client driven processes
• Assist in the creation of solutions that balance business requirements with IBM Cloud security requirements.
• Communicate interact and negotiate with IBM stakeholders Clients and Suppliers through all levels of the organization globally.

Required Technical and Professional Expertise

• Minimum of 5 years related work experience in translating IT or IT Security regulatory requirements into business requirements and at least 2 years hands-on experience with Supplier Risk Assessments.
• Proficiency in understanding IT environments to include cloud hosting co-location and enterprise
• Proven ability to lead and organize multi-disciplinary projects and initiatives in a fast-paced and deadline-oriented business environment with broad impact.
• Proven ability to pivot with agility and flexibility.
• Proven ability to define project scope identify dependencies and resource requirements analyze risks and define milestones and activities.
• Exceptional attentional to detail.
• Proven analytical skills to normalize supplier management requirements from numerous sources and provide guidance on tools and process to implement to maintain compliance while focused on efficiency and automation.
• Deep knowledge of NIST/FedRAMP Moderate/High and working knowledge of Regulatory requirements or Security Frameworks and Supplier Management requirements in an industry and in an IT environment is a plus.

Preferred Technical and Professional Expertise

• Maintain relevant industry certification(s) in cybersecurity and/or risk management
• Working knowledge of Cloud offerings and Services
• Bachelor’s Degree in relevant field or maintain Industry Certification (CISA CISSP CISM CRSC)
• Excellent English written and verbal communication