Lead Vendor Cyber Risk Management Analyst

The Lead Vendor Risk Management Analyst will serve as a key leadership role within our global Vendor Risk Management function, providing strategic oversight and hands-on execution of vendor cybersecurity and third-party risk activities. This individual contributor will act as the lead, coordinating a team of vendor risk analysts while reporting directly to the Director of Vendor Risk Management. This role requires a blend of technical vendor risk expertise, contract negotiation skills, and people leadership capabilities to ensure our organization maintains robust third-party risk controls across our global vendor portfolio. The successful candidate will manage complex vendor assessments, lead incident response efforts, and drive continuous improvement of our vendor risk program while serving as the primary point of contact for vendor risk matters. About the role: You are a fit for the position of Lead Vendor Cyber Risk Management Analyst if your background includes:​ Provides leadership and operational oversight for the India-based vendor risk management team, ensuring consistent execution of assessments, monitoring, and incident response while fostering professional development and alignment with global objectives. Conducts contract reviews and participates in vendor negotiations to identify and mitigate cyber security and operational risks, ensuring appropriate security controls, data protection requirements, SLAs, and remediation obligations align with company risk appetite and regulatory requirements. Manages vendor incident response by coordinating with cross-functional teams during security events, conducting impact assessments, ensuring timely vendor communication and remediation tracking, and documenting lessons learned to strengthen future capabilities. Executes comprehensive vendor risk assessments throughout the vendor lifecycle using industry-standard frameworks to evaluate security posture, data handling practices, business continuity capabilities, and compliance with contractual and regulatory standards. Performs continuous vendor monitoring through risk management platforms and third-party security rating services, analyzing scorecards, threat intelligence, financial indicators, and compliance status to identify emerging risks and provide actionable insights for decision making. Develops, maintains, and enhances policies, procedures, standards, and documentation for the vendor cyber risk management program, ensuring clear guidance for assessment methodologies, monitoring thresholds, incident response protocols, and reporting requirements while incorporating best practices. Leverages enterprise risk management tooling to streamline vendor risk workflows, maintain accurate vendor inventories and risk profiles, generate executive reporting and metrics, track remediation activities, and identify opportunities for automation and process optimization. About you: You are a fit for the position of Lead Vendor Cyber Risk Management Analyst if your background includes:​ Minimum of 11-15 years of progressive experience in cybersecurity, third-party risk management, or vendor risk management, with at least 3-5 years in a senior or lead capacity coordinating vendor risk activities and guiding team members. Demonstrated expertise in vendor cyber risk assessment methodologies and frameworks (e.g., NIST CSF, ISO 27001, SOC 2, CIS Controls) with proven ability to evaluate complex technical security controls and data protection practices. Extensive hands-on experience conducting vendor due diligence across the full vendor lifecycle, including onboarding assessments, periodic reviews, continuous monitoring, and offboarding activities for enterprise technology vendors and SaaS providers. Strong background in contract review and negotiation with specific focus on cybersecurity terms, data processing agreements, liability clauses, indemnification provisions, audit rights, and breach notification requirements. Proficie ... (truncated, view full listing at source)