CIS (Center for Internet Security) is the trusted guide to confidence in the connected world. CIS collaborates with the global security community to lead both government and private-sector entities to security solutions and resources. CIS is an independent, not-for-profit organization. 

The Vendor Risk Assessor Intern is assigned to the Information Security Team at CIS.  Reporting to the Director, Information Security Governance, Risk and Compliance, the Vendor Risk Assessor shall partner with other cybersecurity team members to promote the CIS mission and governance of our growing supply chain.  The primary purpose of this position is to evaluate, manage and measure the internal standards and best practices to support compliance of product and service providers.

• Identify required controls to be reviewed per vendor risk management policy
• Implement risk-based review of current and prospective vendors which includes, but not limited to score card criteria development for automating assessments
• Monitor requests for vendor information via Third Party Risk Questionnaires and artifacts for assessing the security controls of the vendor organization
• Provide input into building new processes and assessment criteria for open source software, critical vendors, and service providers
• Other tasks and responsibilities as assigned

• Bachelor’s degree in a related field or an Associate’s degree with 5 years’ experience
• 2 years’ experience in IT auditing, security operations or related position
• Experience with vendor assessments or knowledge of best practices in vendor risk management

It's a Plus if You Have

• Non-Profit experience
• Master degree in either Computer Science, Cybersecurity, IT Compliance.
• Contributed or developed information technology policies, standards and procedures.
• Experience with third party risk management 
• Familiarity with ISO 31000 Standard for Risk Management

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.