Senior Information Security Vendor Assurance Analyst

Explore your next opportunity at a Fortune Global 500 organization. Envision innovative possibilities, experience our rewarding culture, and work with talented teams that help you become better every day. We know what it takes to lead UPS into tomorrow—people with a unique combination of skill + passion. If you have the qualities and drive to lead yourself or teams, there are roles ready to cultivate your skills and take you to the next level.

Job Description:

We’re the obstacle overcomers, the problem get-arounders. From figuring it out to getting it done… our innovative culture demands “yes and how!” We are UPS.  We are the United Problem Solvers.

About Information Security at UPS Technology:

Our top-notch Information Security team quickly finds and responds to real time threats. These critical-thinkers have a hunger to keep ahead of new exploits and security trends. They protect the vast trove of valuable data that passes through our servers each day. As a part of UPS InfoSec, you’ll continue to uphold our reputation for integrity in this growing and ever-changing field.

About this role:

The Sr. Information Security Vendor Assurance Analyst conducts vendor security assurance and compliance reviews on select groups of third party vendors. The Analyst will review vendor contracts and security agreements to understand the vendors security assurance commitment to the company. Following the contract review, the Analyst will prepare and initiate a vendor audit facilitated by electronic survey's and questionnaire assessments, interviews and security reviews. They will:

• Identify Vendor key points of contact, establish communication channel.
• Initiative audit overview meetings and schedule audit.
• Manage audit time line for questionnaire, interview, evidence verification, and on-site audit phases.
• Contributes to the development of the information security requirements of vendor and customer contracts to ensure UPS's information assets are protected, and all terms follow UPS standards and compliance obligations.
• Ensure all vendor controls meet company standards for confidentiality, integrity, availability and defense in depth security principles.
• Provide immediate security control remediation response in all cases where vendors are found to be deficient or non-compliant. 
  

Qualifications:

• Experience gathering information from a range of different sources, developing and creating search queries.
• Automating searches and querying, tuning large data sets. Experience in using Shared Assessments Program Tools and/or questionnaire based vendor auditing tools.
• Experience using GRC tools and technologies for audit support and vendor governance management.
• Advanced Experience with Auditing Controls, I.T. Auditing fundamentals, Vendor Cybersecurity Analysis & Documentation.
• Candidate must have excellent organization skills and be a self-motivated learner.
  

Preferred Qualifications:

• Bachelor's degree in Information Technology, Information Security, Computer Science, Auditing or equivalent.
• CISA, CRISC, CISM, or CISSP certifications preferred.
• Demonstrated advanced verbal and written communication skills.
• Excellent organization skills and be a self-motivated learner
• Must be detail oriented

Open to fully remote candidates located within the continental United States

Employee Type:

UPS is committed to providing a workplace free of discrimination, harassment, and retaliation.

Other Criteria:

Employer will not sponsor visas for position. UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/nationalorigin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law.

Basic Qualifications:

Must be a U.S. Citizen or National of the U.S., an alien lawfully admitted for permanent residence, or an alien authorized to work in the U.S. for this employer.