Headquartered in New York City, located in the heart of Midtown Manhattan, our Loews Hotels & Co Home Office teams support our properties throughout the United States and Canada. Our talented teams provide guidance over strategic planning, operations, revenue management, communications, sales, development, brand marketing, finance, human resources and information technology.
Purpose:
The IT Vendor Risk Analyst assesses prospective and current IT service providers, focusing on risks to company systems and information, and works with relationship owners to evaluate, measure, and remediate risk.
The analyst is expected to identify and suggest new practices, processes, tools, metrics, or models, supported with data. He/she/they also participate in the implementation of such changes at the direction of senior team members.
Essential Functions & Responsibilities:

• Maintaining the completeness and accuracy of program documentation, including policies, standards, procedures, roles and responsibilities and other supporting documents.
• Creating and delivering program training to IT and other team members as needed.
• Acts as custodian of the IT vendor inventory updating as requested by vendor relationship owners and management.
• Executing procedures to assess various controls for all IT vendors throughout their lifecycle to identify risk areas, evaluate controls, ensure compliance with internal and external requirements, and document gaps. Procedures may include, but are not limited to:
  • Reviewing documents, such as contracts, audit reports, and diagrams.
  • Conducting interviews with vendor team members.
  • Performing in-person procedures at hotels or vendor locations to verify controls.
• Identifying control gaps; documenting them in the IT risk register and partnering with IT Risk Team to quantify them.
• Tracking the status of action plans.
• Identifies and tracks issues of internal non-compliance with standards; identifies patterns and suggests corrective actions such as individual coaching, supporting documents and guides, etc.
• Suggesting and designing program metrics for senior team members
• Creating meaningful output to effectively communicate security, compliance, and governance-related concepts and controls across a variety of audiences, including non-technical ones.

• Participating as needed in the audit of IT projects, standards, procedures, and controls.
• Undertaking other duties as assigned.

Qualifications:

• The individual must possess the following qualifications and be able to explain and demonstrate that he/she can perform the essential functions of the job, with or without reasonable accommodation:

• BS in Management Information Systems, Information Management or other business discipline, or equivalent experience
• Minimum four (4) years working in Information Technology, Governance, Risk Management, or Audit & Advisory
• Minimum two (2) years focused on third-party or vendor risk
• Strong collaboration and communication skills (written and verbal), able to convey appropriate urgency, clarity of action required and expectations for response through both messaging and selection of media
• Strong analytical and logical skills with acute attention to detail
• Ability to identify a problem or situation, develop potential solutions, analyze them considering potential impact (upstream, downstream and to people), and present them to decision-makers with pros and cons
• Capability to be a self-starter who can follow through and drive assignments to completion by assigned due dates, with minimal oversight
• Ability to proactively apply appropriate sense of urgency to communications and activities
• Understanding of IT Governance frameworks and standards and ability to apply them practically

• Demonstrated capability to learn on the job
• Proven multi-tasking and organization skills
• Experience delivering in-person training for IT standards, tools, and procedures
• Understanding of IT Governance frameworks and standards and ability to apply them
• High level of integrity, trustworthiness, and confidence to represent the team and company with the highest level of professionalism

Preferred Qualifications:

• Experience working in a start-up environment
• Familiarity with operations in the hospitality industry
• One or more of the following certifications:
  • CRISC
  • CGEIT
  • CGRC
• Prior specialization in the following areas:
  • Risk Identification and Assessment
  • IT Infrastructure
  • IT Procurement and Vendor Management
  • System Development Lifecycle
  • Network Engineering and Management
  • Cloud-based applications

Salary range for this position, based on experience, is $88,000.00 to $110,000.00.