Vendor Management Risk Analyst - Legal & General America
Frederick, MD 21704
About the Job
At Legal & General America, we aim to make a positive difference in the lives of our customers, partners, colleagues, and the communities in which they live. As a recognized market leader of term life insurance, we’re working to transform our business through innovation and technology to provide products and solutions that help American families secure their financial futures.
We are a future-focused company, passionate about what we do and how we do it. This means working with pace and energy to reach our goals, and challenging ourselves to achieve more. We strive to create a unique environment where balance between work and life is possible. Our employees' passion, dedication and hard work, as well as our career development opportunities, benefits, and employee activities contribute to our positive workplace culture.
The Vendor Management Risk Analyst will support the Vendor Management Office (VMO) to effectively manage vendor risk in accordance with internal policy, regulatory requirements, and stakeholder needs. The Vendor Management Risk Analyst will be responsible for evaluating, monitoring, and managing the inherent and residual risks associated with vendors that have access to the organization’s data or systems. Working closely with various departments across the organization, the Vendor Management Risk Analyst will play a vital role in assessing the security, privacy, compliance, and operational risks posed by vendors and implementing risk mitigation strategies to safeguard company interests.
Responsibilities
- Facilitate the on-time completion of initial and recertification reviews, including collecting and assessing vendor questionnaires, audit reports (SOCs), and security documents, and assess and document the risk and conclusions drawn from the assessment.
- Track and conduct comprehensive risk assessments of vendors, based on a periodic schedule, to evaluate their capabilities, controls, and adherence to internal policies, standards, and regulatory requirements.
- Compose an assessment report containing findings and recommendations and present it to the business and the vendor.
- Develop and implement risk mitigation strategies and action plans to address identified risks and vulnerabilities associated with vendor relationships, and coordinate with business stakeholders to monitor and drive resolution.
- Ensure appropriate risk tier is assigned and due diligence completed by performing a deep dive analysis.
- Monitor and track vendor risk indicators, including cybersecurity incidents and regulatory changes to assess the ongoing risk exposure and potential impacts.
- Provide regular reporting to senior management on the status of vendor risk management activities and key findings.
- Stay informed about regulatory changes, industry trends, emerging risks, and best practices in vendor management to enhance the organization’s vendor management capabilities and practices.
- Update vendor management system continuously, track key vendor metrics, and perform other duties as assigned in support of Front office.
Education
Bachelor's Degree in Risk, Business, Business Technology, Cybersecurity, or a related field (may consider equivalent combination of education and experience).
Experience/Knowledge
- 3 to 5 years of relevant work experience (e.g., vendor management, information security, third party risk management); insurance industry experience is preferred.
- Strong understanding of vendor management lifecycle and vendor risk management principles, methodologies, and best practices.
- Subject matter expertise in SSAE 16, SOC 2, Shared Assessments, etc.
- Broad knowledge of information security and privacy fundamentals, and experience in applying security frameworks such as NIST or ISO 27000.
- Proficient in the design and implementation of an effective control framework.
Skills
- Detail-oriented and organized, with the ability to manage multiple priorities and deadlines in a fast-paced environment.
- Proficiency in using vendor management tools, software, and technologies to support third-party risk assessment and monitoring activities.
- Excellent analytical, problem-solving, and critical-thinking skills, with the ability to assess complex situations and make informed risk-based decisions.
- Acute attention to detail with a high level of data integrity and accuracy.
- Demonstrated solid written and oral business writing, communication, and presentation skills with ability to effectively communicate to and influence at all levels of the organization.
- Self-motivated
What’s in it for you?
The expected hiring compensation range for this position is $88,300 - $115,00 annually. This position is hybrid requiring 3 days in our Frederick, Maryland office.
The total compensation package for this position may include other elements, such as a sign-on bonus, long term incentives, and annual bonuses. This role is eligible to participate in the Legal & General America Annual Incentive Plan. The current target payment for the position is 8% of base salary, modified for corporate and individual performance. Bonuses are pro-rated based on start date. This role has 15 vacation days and 10 sick days that are accrued on a bi-weekly basis. Employees also have 9 paid holidays throughout the calendar year.
We have a competitive compensation and benefits package focused on your overall wellbeing. Employee benefits include health, life, and dental insurance; 401K with company match up to 6% as well as a pension package; generous time off; and wellbeing initiatives throughout the year (we like doing fun stuff). We’re big on professional development and we’ll support and mentor you in your career progression and expect you to help us pay it forward by helping us develop tomorrow's leaders and growth-focused professionals. We value our teams and our communities and believe in giving back. Enjoy time off to volunteer for those causes that matter most to you!
If hired, employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors. The Company reserves the right to change benefits plans at any time.
We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request accommodation.