Vendor Risk Assessment Contract Review Specialist

Cyber Security Cyber Risk Posted: 20-Jul-2022

Same job available in 11 locations

Atlanta, Georgia, United States

Austin, Texas, United States

Charlotte, North Carolina, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Hermitage, Tennessee, United States

Houston, Texas, United States

Lake Mary, Florida, United States

Miami, Florida, United States

San Antonio, Texas, United States

Tampa, Florida, United States

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of protecting Deloitte and Deloitte client data. The Vendor Risk Assessment (VRA) service team is seeking a VRA Contract Specialist, an IT professional with experience in vendor risk and contract negotiations. The VRA Contract Specialist will be driving a high-capacity contract review program focused on cybersecurity.

The VRA Contract Specialist is responsible for all aspects of cybersecurity terms in contracts and the contract review process as it pertains to the VRA service. Continuous improvement of alignment between Deloitte Global security standards, vendor risk compliance, and industry cybersecurity standards will be a primary responsibility of the role. This will involve working with member firm and Global procurement, legal, privacy, technology, and cybersecurity teams, as well as leadership, to identify and manage Deloitte needs and requirements as they relate to supply chain risk. Based on these needs and requirements, the VRA Contract Specialist will manage and improve vendor risk contract review practices and processes to meet business and security objectives.

As the VRA Contract Specialist, you will have responsibility for reducing vendor risk and related reporting metrics (KPIs). You will serve as the subject matter expert through conducting third-party contract negotiations, management, and enhancement of the VRA contract framework. The VRA Contract Specialist will have experience with risk mitigation and reduction strategies and will work closely with colleagues in procurement and legal groups to address risk in vendor agreements.


As part of the Global Cybersecurity function, the professional in this role will:

  • Advise business stakeholders, negotiate security terms, and work proactively to identify and address cybersecurity risks in vendor contracts.
  • Work collaboratively within Deloitte to ensure that contract templates and negotiation positions are kept up to date and reflect Deloitte’s security policies and standards.
  • Manage intake and delivery of vendor contract engagements within acceptable timelines.
  • Negotiate directly with suppliers or third parties.
  • Conduct contract-related information security due diligence.
  • Identify issues in contracts with existing or potential vendors.
  • Suggest alternate contract terms in response to vendor edits while adhering to Deloitte security requirements.
  • Lead development, maintenance, and documentation of contract review workflow processes to ensure cybersecurity terms included in contracts are appropriate, meet internal baselines and optimize current processes to meet emerging risks.
  • Provide guidance to business, procurement, and other stakeholders to ensure requirements of Vendor Risk Management are fully understood and embedded in the vendor’s solution.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.


  • At least 5 years of Information Security experience, including at least 2 years of contract negotiation experience
  • Experience working in a large, complex global environment
  • Knowledge of all components of cyber security including common security frameworks, such as: ISO 27001/27002, NIST CSF.
  • Experience working in the following areas: cyber risk; operational risk; and contract negotiations.
  • Training and experience in risk management
  • Specific knowledge of and experience with applicable concepts and methodologies such as continuous quality improvement and risk quantification
  • Advanced communication skills (both verbal and written)
  • Experience with communication of technology and cybersecurity issues to both technical personnel and leadership with non-technical backgrounds.
  • Strong knowledge and working understanding of information security


  • Bachelor’s degree: preferably in an information technology-related field of study, or equivalent years of experience required


  • Professional IT or Security management certification desired
  • One or more of CISM or CRISC preferred; CISSP, CCSP, CISA, GIAC certifications beneficial

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.