Our Loews Hotels & Co Home Office teams provide support to all our properties throughout the United States and Canada. Our talented teams provide guidance over strategic planning, operations, revenue management, communications, marketing, finance, human resources, and information technology. This position is based at the Loews Hotels & Co Business Services Center in Franklin, TN. ** We offer hybrid flexibility** Purpose: The IT Vendor Risk Analyst assesses prospective and current IT service providers, focusing on risks to company systems and information, and works with relationship owners to evaluate, measure, and remediate risk. The analyst is expected to identify and suggest new practices, processes, tools, metrics, or models, supported with data. He/she/they also participate in the implementation of such changes at the direction of senior team members. Essential Functions & Responsibilities: Maintaining the completeness and accuracy of program documentation, including policies, standards, procedures, roles and responsibilities and other supporting documents. Creating and delivering program training to IT and other team members as needed. Acts as custodian of the IT vendor inventory updating as requested by vendor relationship owners and management. Executing procedures to assess various controls for all IT vendors throughout their lifecycle to identify risk areas, evaluate controls, ensure compliance with internal and external requirements, and document gaps. Procedures may include, but are not limited to: Reviewing documents, such as contracts, audit reports, and diagrams. Conducting interviews with vendor team members. Performing in-person procedures at hotels or vendor locations to verify controls. Identifying control gaps; documenting them in the IT risk register and partnering with IT Risk Team to quantify them. Tracking the status of action plans. Identifies and tracks issues of internal non-compliance with standards; identifies patterns and suggests corrective actions such as individual coaching, supporting documents and guides, etc. Suggesting and designing program metrics for senior team members Creating meaningful output to effectively communicate security, compliance, and governance-related concepts and controls across a variety of audiences, including non-technical ones. Participating as needed in the audit of IT projects, standards, procedures, and controls. Undertaking other duties as assigned. Qualifications: The individual must possess the following qualifications and be able to explain and demonstrate that he/she can perform the essential functions of the job, with or without reasonable accommodation: BS in Management Information Systems, Information Management or other business discipline, or equivalent experience Minimum four (4) years working in Information Technology, Governance, Risk Management, or Audit & Advisory Minimum two (2) years focused on third-party or vendor risk Strong collaboration and communication skills (written and verbal), able to convey appropriate urgency, clarity of action required and expectations for response through both messaging and selection of media Strong analytical and logical skills with acute attention to detail Ability to identify a problem or situation, develop potential solutions, analyze them considering potential impact (upstream, downstream and to people), and present them to decision-makers with pros and cons Capability to be a self-starter who can follow through and drive assignments to completion by assigned due dates, with minimal oversight Ability to proactively apply appropriate sense of urgency to communications and activities Understanding of IT Governance frameworks and standards and ability to apply them practically Demonstrated capability to learn on the job Proven multi-tasking and organization skills Experience delivering in-person training for IT standards, tools, and procedures Understanding of IT Governance frameworks and standards and ability to apply them High level of integrity, trustworthiness, and confidence to represent the team and company with the highest level of professionalism Preferred Qualifications: Experience working in a start-up environment Familiarity with operations in the hospitality industry One or more of the following certifications: CRISC CGEIT CGRC Prior specialization in the following areas: Risk Identification and Assessment IT Infrastructure IT Procurement and Vendor Management System Development Lifecycle Network Engineering and Management Cloud-based applications Headquartered in New York City, Loews Hotels & Co is rooted in deep heritage in the hotel industry and excellence in service. As one of the only independently owned family hotel companies, we know that hospitality comes from the heart. Loews Hotels & Co owns and operates hotels and resorts across the U.S. and Canada. Located in major city centers and resort destinations, including multiple hotels in partnership with Universal Orlando Resort, Loews Hotels & Co features properties grounded in family heritage and dedicated to delivering unscripted guest moments, all with a locally handcrafted approach. We pride ourselves on the individuality and uniqueness of our offering. Joining Loews Hotels & Co means not just gaining a job, it means becoming a part of a family. A family where Team Member growth and empowerment are part of our DNA and have been for decades. We offer progressive benefits including paid parental leave, 401K matching and travel benefits, and opportunities for ongoing learning and development. But beyond that, as a member of the Loews Hotels family, you are part of a culture of diversity and inclusion, one that works hard to protect our environment with eco-friendly and sustainability programs, and one that is always a good neighbor to their communities, supporting them in ways large and small. We welcome you to join us. Loews Hotels & Co is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, genetic information, or any other characteristic protected by applicable federal, state or local laws and ordinances.