Thanks for your interest in the Compliance Risk Analyst position.
Unfortunately this position has been closed but you can search our 393 open jobs by
Qualifications:
● Knowledge of applicable third-party risk management frameworks.
● Knowledge of compliance and audit principles for designing and conducting risk assessments.
● Detail oriented with strong analytical, problem solving, customer service, and organization skills.
● Ability to generate ideas for and support continuous improvement in the department.
● Ability to independently manage and prioritize work; must be able to juggle multiple tasks, tight deadlines, and changing priorities and meet deliverables on time.
● Familiarity with vendor risk assessment tools and technologies.
● Strong written and verbal communication skills.
At Stanford University, we are committed to fostering a diverse and inclusive work environment that promotes equal opportunities for all. If you possess the above qualifications and are excited about the prospect of contributing to our Data Risk Management Center of Excellence, we encourage you to apply today.
Responsibilities:
● Help build and maintain a Data Risk Management Center of Excellence program.
● Perform risk assessments and contract reviews, and respond to customer security questionnaires.
● Develop Standard Operating Procedures (SOP) to document procedures for risk assessments, third party assessments, and business process workflows for Security Governance, Risk, and Compliance.
● Partner with internal business units, external suppliers, and clients to identify and monitor data and vendor risks and control activities and maintain all information pertaining to vendor relationships, including risk scorecards.
● Develop and implement data and vendor risk assessment methodologies and procedures that align with industry best practices and compliance requirements.
● Partner with business owners and the onboarding analyst to ensure third parties are properly classified based on the inherent and residual risks.
● Provide regular reports to management on the status of data and vendor cybersecurity and privacy risks, vulnerabilities, and remediation efforts.
● Collaborate with internal partners in the development and execution of corrective action plans to mitigate and resolve data-related risks.
● Analyze security and privacy controls and recommend improvements to confirm compliance with our cybersecurity and data privacy policies and standards.
● Document and maintain an accurate and complete centralized repository of third-party service providers in the vendor management tool that includes profile data, product description, status, business owners scoping, categorization, and supporting contracts.
● Review vendor contract negotiations and data management plans to confirm appropriate privacy and cybersecurity requirements are included.
● Triage and consult regarding requests for support related to privacy and security incidents.
● Generate key metrics, reporting, and dashboards on a consistent basis for executive leadership.
● Drive process improvements to continuously mature the Data Risk Management Program.
● Assist with the communication, training, and roll out of new Data Risk Management Program processes to the various stakeholders.
● Develop necessary policy, standards, procedures, and tools to define and support the Data Risk Management Program, workflows, and processes.
● Collaborate with the cybersecurity and privacy teams and other stakeholders to identify vulnerabilities and threats associated with data risk and vendor relationships.
● Stay up-to-date with industry trends and best practices related to data and vendor risk management.
Education:
● Bachelor's degree in Information Security, Computer Science, Data Privacy, or equivalent experience.
● 1-3 years of experience in any of the following areas: information security, data privacy, vendor risk management, contract review, or related field.
PHYSICAL REQUIREMENTS*:
● Constantly perform desk-based computer tasks.
● Frequently sit, grasp lightly/fine manipulation.
● Occasionally stand/walk, use a telephone, occasionally lift/carry/push/pull objects that weigh 21-40 pounds.
● Rarely write by hand, lift/carry/push/pull objects that weigh up to 20 pounds and lift/carry/push/pull objects that weigh >40 pounds.
* - Consistent with its obligations under the law, the University will provide reasonable accommodation to any employee with a disability who requires accommodation to perform the essential functions of the job.
WORKING CONDITIONS:
● Remote/Hybrid considered.
● Occasional exposure to high voltage electricity.
● Occasional extended and weekend hours.
WORK STANDARDS:
● Interpersonal Skills: Demonstrates the ability to work well with Stanford colleagues and clients and with external organizations.
● Promote Culture of Safety: Demonstrates commitment to personal responsibility and value for safety; communicates safety concerns; uses and promotes safe behaviors based on training and lessons learned.
● Subject to and expected to comply with all applicable University policies and procedures, including but not limited to the personnel policies and other policies found in the University’s Administrative Guide, http://adminguide.stanford.edu.
The job duties listed are typical examples of work performed by positions in this job classification and are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks, and responsibilities. Specific duties and responsibilities may vary depending on department or program needs without changing the general nature and scope of the job or level of responsibility. Employees may also perform other duties as assigned.
Consistent with its obligations under the law, the University will provide reasonable accommodation to any employee with a disability who requires accommodation to perform the essential functions of his or her job.
Stanford is an equal employment opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.
This role is open to candidates anywhere in the United States. Stanford University has five Regional Pay Structures. The compensation for this position will be based on the location of the successful candidate. The expected pay range for this position is $99,000 to $127,000 per annum.
Stanford University provides pay ranges representing its good faith estimate of what the university reasonably expects to pay for a position. The pay offered to a selected candidate will be determined based on factors such as (but not limited to) the scope and responsibilities of the position, the qualifications of the selected candidate, departmental budget availability, internal equity, geographic location, and external market pay for comparable jobs.
At Stanford University, base pay represents only one aspect of the comprehensive rewards package. The Cardinal at Work website (https://cardinalatwork.stanford.edu/benefits-rewards) provides detailed information on Stanford’s extensive range of benefits and rewards offered to employees. Specifics about the rewards package for this position may be discussed during the hiring process.