Vendor Risk Consultant

Overview
Join to apply for the
Vendor Risk Consultant
role at
SecurityScorecard .
SecurityScorecard is the global leader in cybersecurity ratings, providing risk insights for organizations worldwide.
About the Role
SecurityScorecard’s MAX team delivers vendor risk management services on behalf of customers. Our MAX team is growing and we are seeking a Vendor Risk Consultant to join our team and help us manage and mitigate cyber risks associated with our customers’ vendors. This is an exciting opportunity to work alongside some of the largest companies in the world and make a significant impact on their business by ensuring that their information is held securely by their vendors.
What You’ll Do
Assess and Reduce Risk: Conduct cybersecurity risk assessments on potential and existing vendors within MAX customer portfolios to identify and reduce business risks.
Advise Stakeholders: Serve as a trusted advisor to both customers and their vendors, translating technical risk findings into clear business impacts and risk management actions.
Apply Threat Intelligence: Leverage SecurityScorecard’s proprietary findings and all-source threat intelligence to assess emerging risks, advise vendors on impacts, and guide remediation.
Build and Maintain Relationships: Foster trust with both customers and vendors as you help each understand risks, ensure ongoing compliance with requirements, and prevent incidents.
Enhance Customer Risk Programs: Evaluate the maturity of vendor risk management programs and recommend improvements to strengthen governance and operational processes.
Monitor & Elevate Vendor Security: Track and report on vendor risk profiles, proactively identifying trends, emerging threats, and opportunities for program improvement.
Manage Multiple Engagements: Orchestrate concurrent client programs, ensuring consistent delivery excellence, measurable results, and alignment with regulatory and industry standards.
What We Need You to Have
Experience: 5+ years of demonstrated professional cybersecurity consulting experience or similar.
Communications Skills: Outstanding ability to explain complex cybersecurity and vendor risk concepts to a range of technical and non-technical audiences, in both written and verbal form.
Cybersecurity Expertise: Strong comprehension and ability to apply cybersecurity concepts, frameworks, technologies, controls, threat knowledge, and best practices to vendor risk.
Analytical Skills: Proficiency in common scripting languages (Python preferred) and/or Microsoft Excel (or equivalent) to analyze complex data, build trends, and spot patterns.
Client & Program Management: Demonstrated success managing multiple external clients and projects simultaneously, prioritizing competing demands, and meeting deadlines.
Solo and Team Excellence: Ability to thrive in fast-paced independent and collaborative settings.
Desired Certifications (One or More Completed): CRISC, CISSP, CISM, CISA, GSTRT, GCCC, GSLC, or GSNA. CRVPM, CTPRP, ISO 27001 Lead Auditor or technical certs are also a plus.
Languages: English (fluent). Other regional languages are a plus.
Other Desired Experience: Experience conducting cybersecurity audits, vendor risk assessments or broader vendor risk management.
Compensation and Benefits
Specific to each country, we offer a competitive salary, stock options, health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more. The estimated total compensation range for this position is $120,000 - $150,000 (base plus bonus). Actual compensation is based on factors including affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits.
Equal Employment Opportunity
SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We hire based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital status, veteran status, disability status or any other protected category in accordance with applicable law.
We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact
Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law.
SecurityScorecard does not accept unsolicited resumes from employment agencies. Please note that we do not provide immigration sponsorship for this position.
Details
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Consulting and Information Technology
Industries: Data Security Software Products, Computer and Network Security, Technology, Information and Media
#J-18808-Ljbffr