Primary Responsibilities
- Strategic Risk Advisory: Review vendor risk by evaluating security assessments and documentation; deliver actionable recommendations to strengthen client risk postures.
- Technical Security Assessments: Conduct comprehensive vulnerability scans and penetration tests for Smarsh customers using industry-leading, off-the-shelf security tools.
- Vulnerability Reporting: Produce detailed technical reports that categorize vulnerabilities and provide actionable remediation strategies to help clients resolve security gaps.
- Client Relationship Management: Serve as a subject matter expert and primary point of contact, guiding clients through platform features and cybersecurity best practices via phone and email.
- Operational Leadership: Manage regular client engagements, deliver high-quality due diligence reports, and contribute to the continuous improvement of Smarsh VRM team operations.
Requirements & Qualifications
- Experience & Certifications
  - 3–5 years of professional experience specifically within Vendor Risk Management or Information Security.
  - Relevant industry certifications are highly desirable (e.g., CTPRP, CISA, CISM, CRISC).
- Technical Proficiency
  - Security Tooling: Familiarity with tools such as Nessus, Metasploit, or Cobalt Strike.
  - Core Fundamentals: Strong understanding of TCP/IP networking, server administration, and cybersecurity controls (processes, procedures, and policies).
  - Software: Proficient in Salesforce CRM, Microsoft Office Suite, and MS Teams.
- AI Usage & Innovation
  - Efficiency via AI: Ability to use AI tools to automate repetitive tasks, such as data mapping, report drafting, or initial vendor documentation reviews.
  - AI-Enabled Analysis: Utilize and recommend enhancements to Smarsh’s AI review tools to automate the extraction of critical data from vendor security documentation.
  - Strategic Optimization: Collaborate with product teams to refine AI prompts and workflows, reducing the "false positive" rate in automated compliance flagging.
  - Continuous Learning: A proactive interest in staying current with how AI is changing the threat landscape and the tools used to defend it.
- Professional Skills
  - Risk Analysis: Proven ability to review complex security assessments for completeness and overall risk impact.
  - Communication: Exceptional written and verbal communication skills with a "customer-first" mindset.
  - Project Management: Ability to manage multiple parallel workstreams and document processes accurately under tight deadlines.
  - Self-Direction: A proactive, self-motivated professional capable of working independently for extended periods while maintaining high standards.
