Job Title: Associate Security Analyst – Cloud Vendor Risk Management
We are seeking an Associate Security Analyst to join our Digital Security team, focusing on cloud vendor risk management. This role is ideal for someone early in their cybersecurity career who is analytical, detail-oriented, and interested in evaluating the security posture of third-party vendors.
In this position, you will support the assessment of cloud vendors by reviewing security documentation, identifying potential risks, and helping ensure vendors meet established security standards. You’ll collaborate cross-functionally with teams including Security, Procurement, Legal, and business stakeholders.
Key Responsibilities
- Review and analyze vendor security documentation, including SOC 2 Type 2 reports, ISAE 3402 reports, penetration test results, network documentation, and architecture diagrams
- Assess vendor evidence to identify control gaps, risks, and areas requiring follow-up
- Document findings and clearly communicate results to internal stakeholders
- Track vendor submissions, remediation items, and outstanding documentation requests
- Support onboarding and ongoing monitoring of third-party cloud vendors
- Maintain and improve vendor risk management processes, templates, and documentation
- Partner with senior analysts and cross-functional teams to support risk-based decision-making
- Escalate higher-risk findings and unresolved issues as needed
- Contribute to audit-ready documentation, reporting, and metrics
Qualifications
- Bachelor’s degree in Cybersecurity, Information Security, IT, Risk Management, or a related field (or equivalent experience)
- Basic understanding of information security principles and third-party risk management
- Familiarity with core security concepts such as access management, vulnerability management, incident response, and network security
- Strong attention to detail and analytical skills
- Excellent written and verbal communication skills
- Ability to manage multiple tasks and meet deadlines
Preferred Qualifications
- Internship or early-career experience in cybersecurity, GRC, or vendor risk management
- Familiarity with SOC 2 reports and common security frameworks such as NIST or CIS Controls
- Exposure to cloud technologies and shared responsibility models
- Understanding of vendor due diligence or procurement processes
- Relevant certifications such as CompTIA Security+, ISC2 Certified in Cybersecurity, or similar
What Success Looks Like
- Produces accurate, thorough, and timely vendor risk assessments
- Clearly communicates risks, findings, and required follow-up actions
- Effectively manages vendor communications and documentation requests
- Contributes to a scalable and efficient vendor risk management program
- Builds strong relationships with internal stakeholders