Text copied to clipboard!
Title
Text copied to clipboard!SIG Specialist
Description
Text copied to clipboard!
We are looking for a highly skilled SIG Specialist to join our cybersecurity and risk management team. The SIG (Standardized Information Gathering) Specialist plays a critical role in evaluating third-party vendors and internal systems for compliance with industry-standard security frameworks. This position requires a deep understanding of information security, risk assessment methodologies, and regulatory compliance standards such as ISO 27001, NIST, SOC 2, and GDPR.
As a SIG Specialist, you will be responsible for managing and completing SIG questionnaires, analyzing vendor responses, and identifying potential security risks. You will collaborate closely with procurement, legal, IT security, and business units to ensure that third-party vendors meet the organization’s security and compliance requirements. You will also contribute to the development and maintenance of internal SIG processes and tools to streamline risk assessments and improve overall security posture.
The ideal candidate will have experience in third-party risk management, strong analytical and communication skills, and a proactive approach to identifying and mitigating risks. You should be comfortable working in a fast-paced environment and managing multiple assessments simultaneously. Familiarity with tools such as OneTrust, Archer, or similar GRC platforms is a plus.
This role is essential in helping the organization maintain a secure and compliant vendor ecosystem, reduce exposure to cyber threats, and support business continuity. If you are passionate about cybersecurity, risk management, and working with cross-functional teams, we encourage you to apply.
Responsibilities
Text copied to clipboard!- Complete and manage SIG questionnaires for third-party vendors
- Analyze vendor responses and identify potential security risks
- Collaborate with internal teams to assess vendor compliance
- Maintain and update SIG templates and documentation
- Support audits and regulatory compliance efforts
- Develop and improve SIG-related processes and tools
- Track and report on risk assessment findings
- Provide guidance on security best practices to stakeholders
- Ensure timely completion of assessments and follow-ups
- Assist in vendor onboarding and due diligence processes
Requirements
Text copied to clipboard!- Bachelor’s degree in Information Security, IT, or related field
- 3+ years of experience in third-party risk management or cybersecurity
- Strong knowledge of SIG questionnaires and security frameworks
- Familiarity with ISO 27001, NIST, SOC 2, and GDPR
- Excellent analytical and problem-solving skills
- Strong written and verbal communication abilities
- Experience with GRC tools like OneTrust or Archer is a plus
- Ability to manage multiple projects and deadlines
- Detail-oriented with a focus on accuracy and compliance
- Team player with a proactive and collaborative mindset
Potential interview questions
Text copied to clipboard!- What experience do you have with SIG questionnaires?
- How do you assess the security posture of a third-party vendor?
- Can you describe your familiarity with ISO 27001 or SOC 2?
- What tools have you used for risk assessments?
- How do you prioritize multiple assessments with tight deadlines?
- Describe a time you identified a major risk in a vendor assessment.
- What steps do you take to ensure compliance with data protection laws?
- How do you stay updated on cybersecurity trends and regulations?
- Have you worked with cross-functional teams on risk assessments?
- What improvements have you made to SIG processes in the past?
