Job Title: Vendor Risk and Regulatory Compliance Specialist
Position details: Full-time, exempt, remote position in South Africa
Reports to: Manager, Certification, Data Privacy, and Internal Audit

Required Experience:

• Direct experience conducting third-party due diligence, evaluating vendors, partners, or
  suppliers.
• Cybersecurity Experience: A strong background in cybersecurity, such as experience and
  knowledge in key security concepts such as vulnerability management, incident response, and network security. This is important because you need to evaluate the security posture of third parties to assess whether their systems and practices could pose a risk to your organization.
• Third-Party Risk Management: Direct experience with third-party risk assessments, focusing on how third-party vendors and service providers manage security and data protection. This includes assessing risks related to data breaches, cybersecurity threats, and the potential compromise of sensitive information.
• Compliance and Regulatory Knowledge: Familiarity with relevant compliance standards and regulations.

Education:

• Relevant certifications are advantageous.

Technical skills

• Information security knowledge
  • Understanding of security frameworks (ISO 27001, NIST, CIS Controls)
  • Familiarity with security best practices, including secure software configurations and secure coding practices
  • Experience reviewing technology security risks, such as software libraries, desktop software, and technology assessments
• Risk assessment and management
  • Ability to perform security and privacy risk assessments
  • Skilled in maintaining and updating risk registers
  • Competence in assessing and documenting risk treatments
  • Experience performing gap analysis and implementing corrective action plans
  • Competency in performing Artificial Intelligence impact assessments
• Privacy and data protection
  • Familiarity with global privacy regulations (e.g., GDPR, POPIA, CCPA)
  • Experience conducting Data Protection Impact Assessments (DPIA)
  • Ability to perform Legitimate Interest Assessments (LIA)
  • Maintaining personal data registers and retention schedules
  • Knowledge of managing personal data breaches and notifications
• Compliance and regulatory expertise
  • Understanding of vendor compliance and due diligence processes
  • Familiarity with privacy and regulatory obligations embedded within contracts
  • Capability in reviewing data processing activities against regulatory
    requirements
  • Contract review and management
  • Ability to interpret contractual terms and conditions from a security and
    privacy perspective
  • Skilled in identifying and clearly communicating contractual obligations
    to the business

Soft skills

• Communication skills
  • Strong written and verbal communication to liaise clearly with vendors and
    internal stakeholders
  • Ability to translate technical security/privacy terms into understandable
    business language
• Analytical thinking
  • Detail-oriented approach to evaluating contracts and vendor information
  • Strong analytical skills to effectively identify, assess, and prioritise risks
• Documentation and reporting
  • Proficiency in maintaining accurate, thorough, and organized documentation (risk registers, vendor assessments, incident reports, etc.)
  • Experience preparing clear and concise reports for management and internal stakeholders
• Collaboration and stakeholder management
  • Ability to effectively collaborate across teams, including business, stakeholders, technical teams, legal, and vendors
  • Confidence in working with external vendors to gather necessary security/privacy information
• Project management and organizational skills
  • Capacity to manage multiple assessments and reviews simultaneously
  • Strong organizational skills to maintain accurate documentation, reporting schedules, and deliverables timelines

About Us
Netstock is a leader in providing inventory optimization and supply/demand planning tools to businesses worldwide. As we continue to expand, we are looking for a dynamic Partner Marketing Manager to drive joint marketing initiatives with some of the leading enterprise software solutions: Sage, Microsoft, NetSuite, and Acumatica. This role will be crucial in building and managing strategic partnerships, aligning marketing strategies, and executing co-branded campaigns to drive mutual growth and market share. https://www.netstock.com/