Senior Supplier Risk Assessor

Introduction
At IBM our Project Managers excel by leading and coordinating a project team’s overall performance scope cost and deliverables. Our clients rely on timely and efficient status reports and as Project Manager you will drive the charge with project direction metric definition and performance management. If you are ready to help our clients and project teams succeed we would love to meet you!

Your Role and Responsibilities

• Facilitate Supplier risk management activities leveraging internal IBM policies procedures tools and resources as a management lifecycle
• Ensure Technical Leadership for driving Supplier Management mission Automations and provide guidance to the team
• Work on Supplier Management controls implementation for BUILD RENEW and EXPAND Compliance Programs such as DORA FedRAMP Gov FS Cloud C5 ISMAP ENS High HITRUST HIPPA MeitY Unified Controls Framework.
• Ensure Technical Architecture Designs and Implementation of Supplier Management Automations
• Responsible for overseeing and leading a team of employees. Manage the day-to-day operations and activities of team including assigning tasks provide direction coaching and guidance as required
• Encourage employee engagement and contentment while building a positive atmosphere at work. Foster a culture of collaboration teamwork and communication within their team
• Be the Audit and Certifications Focal for success of ongoing audits
• Ensure IBM Cloud stakeholders and Suppliers complete required self-assessments & questionnaires
• Conduct risk assessments Supplier risk analysis Supplier criticality and understanding of Supplier security posture
• Identify potential attack vectors in the IBM Cloud supply chain and develop risk mitigation strategies to reduce the risk exposure to the IBM enterprise
• Track and report Supplier criticality and risks through assessment and ongoing (continuous monitoring) activities
• Represent IBM Cloud in discussions with Cloud stakeholders Clients and Suppliers
• Develop and implement policies and procedures to improve supplier risk management capabilities of the Supplier Management Office
• Support IBM Cloud Stakeholders and Suppliers in meeting regulatory requirements as determined by operating environments contractual obligations governmental organizations and regulatory bodies globally
• Ensure applicable requirements and regulatory compliance are documented and managed for IBM Cloud Suppliers
• Educate and advise IBM Cloud stakeholders Clients and Suppliers on risk management strategies and promote process efficiencies through automation and tool integration
• Act in compliance with all relevant IBM business conduct guidelines and client driven processes
• Assist in the creation of solutions that balance business requirements with IBM Cloud security requirements
• Communicate interact and negotiate with IBM stakeholders Clients and Suppliers through all levels of the organization globally

Required Technical and Professional Expertise

• At least 10 years of experience in performing Cybersecurity or IT Security risk assessments of 3rd party organizations
• Proficiency in understanding IT environments to include cloud hosting co-location and enterprise
• Proven ability to lead and organize multi-disciplinary projects and initiatives in a fast-paced and deadline-oriented business environment with broad impact.
• Proven ability to pivot with agility and flexibility.
• Proven ability to define project scope identify dependencies and resource requirements analyze risks and define milestones and activities.
• Exceptional attentional to detail.
• Proven analytical skills to normalize supplier management requirements from numerous sources and provide guidance on tools and process to implement to maintain compliance while focused on efficiency and automation.

Preferred Technical and Professional Expertise

• Working knowledge of Cloud offerings and Services
• Bachelor’s Degree in relevant field
• Maintain relevant industry certification(s) in cybersecurity and/or risk management (such as CISA CISSP CISM CRSC)
• Excellent English written and verbal communication
• Basic knowledge and experience in procurement and supply chain