Vendor Information Security Analyst

Job Scope:

Training and development will be provided in all areas of the role as required.

Key Responsibilities:

• Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
• Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
• Demonstrate advanced knowledge in RELX security compliance policies and procedures.
• Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
• Develop and deliver training and awareness on security policies and standards to business units.
• Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
• Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
• Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
• Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
• Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
• Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
• Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
• Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
• Escalation of high impact security issues to Security Compliance Manager.

Ideal candidate profile:

Technical Skills:

• Bachelor's Degree holder.
• Background in IT, compliance, and/or information security.
• Ability to work across all levels of seniority within business teams to drive a working partnership.
• Strong analytical and critical thinking skills.
• Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
• Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
• Understanding of IT security testing and vulnerability management, and Threat Modeling.
• Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
• Understanding of Service Level Management.
• Desired understanding of OneTrust portal or Similar.
• With CompTIA Security+ or Similar or Higher.

Personal Skills:

• Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
• Good communication skills at all levels, both oral and written.
• Good interpersonal skills.
• Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
• Highly driven and self-motivated individuals.
• Skilled in project management and able to work independently in a fast-paced environment.