Vendor Risk Analyst

Recruitment Title: Vendor Risk Management Analyst
Job Code: 9702SG - IT Pro 2-Sec Gov/Risk/Compl

Please note, this position is not eligible for H-1B or Green Card sponsorship.

The University of Minnesota is committed to fostering local talent through employment
opportunities. While this position utilizes a predominantly remote work modality, prospective
applicants must be located either in the state of Minnesota or near the Wisconsin border or
otherwise open to relocation.

We Offer:
* University paid contribution (10% of your salary) to your retirement account - vested
immediately.
* 22 paid vacation days per year, in addition to sick leave and 12 paid holidays.
* Reduced tuition opportunities covering 75% - 100% of eligible tuition.
* Excellent and affordable health care benefits (2023 Enrollment Guide).
* Wellbeing program with opportunity to earn lower health care rates.
* Free disability insurance and employer-paid life insurance.
* Public Service Loan Forgiveness (PSLF) opportunity.
* Financial counseling services.
* Employee Assistance Program with eight sessions of counseling at no cost.
* Employee Transit Pass with free or reduced rates in the Twin Cities metro area.
* Annual merit increase program.

Job Responsibilities:

Execute Vendor Risk Assessments (70%):
* Conduct security reviews of third parties in a timely manner, through defined processes and
tools, identifying risks where vendor controls do not meet University information security
requirements.
* Drive remediation of risks related to completed third party security reviews.
* Facilitate the vendor management process by working with other information security staff to
evaluate vendor risks, coordinating communication with the risk owner and vendor, and
ensuring proper approval of risk exceptions if necessary.
* Participate in the Request for Proposal (RFP) / Request for Information (RFI) process.
* Escalate security issues where appropriate.
* Maintain strong knowledge of security-related regulations and standards (e.g. HIPAA, PCI DSS, and NIST) and security control structures (e.g. ISO 27001/27002).

Process and Relationship Management (30%):
* Design and implement process improvements to deliver increased operational efficiency.
* Collaborate with key stakeholders involved in vendor acquisition and governance, including
technology, compliance, purchasing, and general counsel offices.
* Develop vendor assessment,tracking processes and procedures using the University Governance, Risk, and Compliance (GRC) tool.
* Support internal education and best practices around vendor risk management.
* Ensure review processes are properly defined and formally documented for consistent
execution.

Required Qualifications:
* Bachelor's degree and 2 years of relevant work experience or a comparable combination of
education, training, and experience.
* Demonstrated experience in one or more of the following:
Regulatory compliance
Information security risk assessment
Third-party vendor review
Information technology audit
* Knowledge of diverse IT architectures and enterprise IT data centers, external hosted services,
and cloud computing environments.
* Demonstrated process improvement and/or process design experience

Preferred Qualifications:
* Strong analytical and problem-solving skills.
* Excellent communication (oral, written, presentation), interpersonal, and consultative skills.
* Prior experience with HIPAA, FERPA, or PCI Compliance

At the University of Minnesota, we are dedicated to changing lives through education, research, and
outreach. The University Information Security (UIS) Department offers an environment of trust,
collaboration, and mission-focused work. We seek an individual who will be responsible for continuous
Vendor Risk Management process improvement, and collaboration with University stakeholders. The
individual in this role will also perform information security reviews of third parties that collect, manage
or access University data, during initial procurement and periodically throughout the contract lifecycle;
they will ensure that reviews are in alignment with potential risk, and issues identified through vendor
reviews are resolved and that agreed-upon controls remain in place.

Pay Range: $80,000-$100,000 per year; depending on education/qualifications/experience

Time Appointment: 100% Appointment

Position Type: Academic Prof and Admin Staff

Please visit the Office of Human Resources website for more information regarding benefit eligibility.

The University offers a comprehensive benefits package that includes:

• Competitive wages, paid holidays, and generous time off
• Continuous learning opportunities through professional training and degree-seeking programs supported by the Regents Tuition Benefit Program
• Low-cost medical, dental, and pharmacy plans
• Healthcare and dependent care flexible spending accounts
• University HSA contributions
• Disability and employer-paid life insurance
• Employee wellbeing program
• Excellent retirement plans with employer contribution
• Public Service Loan Forgiveness (PSLF) opportunity
• Financial counseling services
• Employee Assistance Program with eight sessions of counseling at no cost
• Employee Transit Pass with free or reduced rates in the Twin Cities metro area

Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions. You will be given the opportunity to complete an online application for the position and attach a cover letter and resume. Please document qualifications on resume.

Additional documents may be attached after application by accessing your "My Job Applications" page and uploading documents in the "My Cover Letters and Attachments" section.

The University of Minnesota is an Equal Opportunity Educator and Employer.

To request an accommodation during the application process, please e-mail employ@umn.edu or call (612) 624-8647.

The University recognizes and values the importance of diversity and inclusion in enriching the employment experience of its employees and in supporting the academic mission. The University is committed to attracting and retaining employees with varying identities and backgrounds.

The University of Minnesota provides equal access to and opportunity in its programs, facilities, and employment without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. To learn more about diversity at the U: http://diversity.umn.edu

Any offer of employment is contingent upon the successful completion of a background check. Our presumption is that prospective employees are eligible to work here. Criminal convictions do not automatically disqualify finalists from employment.

The University of Minnesota, Twin Cities (UMTC)

The University of Minnesota, Twin Cities (UMTC), is among the largest public research universities in the country, offering undergraduate, graduate, and professional students a multitude of opportunities for study and research. Located at the heart of one of the nation's most vibrant, diverse metropolitan communities, students on the campuses in Minneapolis and St. Paul benefit from extensive partnerships with world-renowned health centers, international corporations, government agencies, and arts, nonprofit, and public service organizations.

At the University of Minnesota, we are proud to be recognized by the Star Tribune as a Top Workplace for 2021, as well as by Forbes as Best Employers for Women and one of America's Best Employers (2015, 2018, 2019, 2023), Best Employer for Diversity (2019, 2020), Best Employer for New Grads (2018, 2019), and Best Employer by State (2019, 2022).