Senior Business Systems Analyst
Gravity IT Resources
Job Title: Senior IT Business Systems Analyst
Location: Remote (needs to be within 3 hrs of Palm Beach County)
As a Senior IT Business Systems Analyst, you will work as a third-party risk assessor. You will work on a team and be responsible for assessing the risks posed by third-party vendors and service providers that work with our organization. You will work closely with internal business units and vendors to evaluate potential risks associated with outsourcing, partnerships, and other third-party relationships. You will identify, analyze, and evaluate risks that could potentially impact our organization’s operations, IT network, reputation, and compliance with regulatory requirements.
- Conduct third-party risk assessments by reviewing vendor background, financial standing, product being procured (business use case) and configuration of that product as it relates to NextEra IT networks.
- Must be able to understand contracts, service level agreements, policies, and procedures to identify potential IT and operational cyber security risks.
- Conduct remote assessments of third-party vendors to evaluate their security posture, product viability for business case, information security practices, and compliance with relevant regulations.
- Identify gaps in vendor risk management practices and work with internal business units to develop remediation plans to mitigate potential risks.
- Provide guidance and support to business units and internal teams to ensure that third-party relationships are managed in accordance with the organization’s policies and procedures.
- Maintain up-to-date knowledge of industry trends and regulatory requirements related to third-party and supply chain risk management.
- Bachelor’s degree in Business Administration, Risk Management, Information Security, or related field.
- 3+ years of experience in third-party risk management, information security, or related field.
- Experience applying industry-standard frameworks such as ISO 27001, NIST, and COBIT.
- Strong analytical skills, attention to detail, and the ability to assess complex situations, think critically and make risk-based decisions.
- Excellent communication skills, including the ability to explain complex issues to non-technical stakeholders in written and verbal form.
- Report-writing experience, with the ability to write for an audience at Director and VP level.
- Strong project management skills, including the ability to manage multiple priorities and stakeholders simultaneously.
Certifications that would be a plus:
- Certified Third Party Risk Assessor (CTPRA)
- Certified Information Systems Auditor (CISA)
- Certified Third Party Risk Professional (CTPRP)