Who We Are:
It's pretty exciting to find yourself standing in a pivotal moment in time. It's even more exciting to be out front leading it. At QTS, our world-class data centers are supporting our customers' most strategic growth initiatives, positioning us at the forefront of today's dynamic digital transformation.
As AI and cloud drive the demand for increased speed, capacity and capability, QTS has emerged as the global digital infrastructure leader committed to connecting the world for good. Driven by purpose and fueled by a spirit of innovation, QTS designs, builds and operates some of the world's most advanced, forward-thinking data centers. QTS is a portfolio company of Blackstone.
QTS is Powered by People. People who play a vital role in our company's culture, innovation and growth. People who are committed to contributing to the communities where we operate and work. People who are knowledgeable, resourceful and mission driven. Together, we do great things.
Who You Are:
The Senior Analyst, Information Security & IT Vendor Risk Management will provide subject matter expertise in third-party security risk oversight, owning the platform used to manage IT vendors and executing key functions within the QTS Third-Party Risk Management (TPRM) program.
This role ensures consistent application of security and compliance requirements across the vendor ecosystem, performs in-depth risk assessments, supports remediation of vendor-related cyber incidents or breaches, and drives continuous improvement in alignment with enterprise security strategy.
This position reports to the Sr. Manager of TPRM and partners closely with Information Security, IT, Procurement, Legal and Compliance stakeholders.
This position is available in any of these three QTS locations: Overland Park, KS; Suwanee, GA; or Ashburn, VA.
What You Will Do:
Own and administer the TPRM/Vendor Risk Management (VRM) platform used for vendor onboarding, due diligence, periodic assessments, issue management, ongoing monitoring and off-boarding.
Lead security-focused risk assessments of IT and cloud vendors, analyzing controls for infrastructure, applications, privacy and business continuity.
Support third-party incidents and breach remediation by coordinating with vendors and internal stakeholders to identify & validate impact, document response and track corrective actions.
Monitor vendor performance and control effectiveness against recognized security frameworks (NIST, ISO 27001, SOC 2, HITRUST, CMMC, PCI DSS) and regulatory requirements (GDPR, HIPAA, etc.).
Create and maintain the risk register, maintain the vendor inventory and issue tracking with accurate, up-to-date information within the VRM platform.
Provide executive reporting on vendor risk posture, program metrics, incident & remediation status.
Partner with stakeholders to update standards, procedures and controls, maturing the TPRM program to meet evolving cyber and regulatory requirements.
Liaise with internal and external auditors to manage IT security and compliance reviews tied to vendor controls.
Deliver training and awareness to stakeholders to strengthen risk management culture across business functions.
Stay updated on the latest security trends and threat intelligence.
What You Need To Be Successful:
Bachelor's degree required.
Minimum of 5 years of experience in IT security, risk management, third-party/vendor risk management or related fields.
Previous vendor management experience required.
Understanding of security risks across IT operations, including application development, cloud infrastructure and disaster recovery.
Proficient in applying security and compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HITRUST, GDPR, CMMC and HIPAA.
Experience managing or administering vendor risk management (VRM/TPRM) or governance, risk and compliance (GRC) platforms.
Skilled in evaluating SOC 2 reports, penetration test results, security questionnaires and vendor security documentation.
Proven ability to assess risk and identify vulnerabilities through detailed risk reviews.
Demonstrated experience supporting third-party cyber incidents and breach response efforts.
Knowledge, Skills & Abilities
Strong analytical and problem-solving skills with a focus on identifying security gaps and remediating vendor risks.
Highly organized, detail-oriented and capable of managing multiple vendor reviews simultaneously.
Excellent written and verbal communication skills with the ability to present technical risks in business terms.
Strong relationship management skills and ability to influence stakeholders across procurement, IT, security and business functions.
Adaptable and agile, with the ability to respond quickly to new security threats, incidents and regulatory changes.
High degree of confidentiality, integrity and accountability.
Proficient in Microsoft Office tools; experience with vendor risk management platforms/GRC systems preferred.
The Perks (and these are just a few!):
Employer Paid Benefits
401K with Employer Match
QRest Sabbatical
Employee Stock Purchase
QTS scholarship for dependents
Eagle Club award trip eligibility
Paid volunteer days
Tuition assistance, parental leave and military leave assistance
Total Rewards
This role is also eligible for a competitive benefits package that includes: medical, dental, vision, life and disability insurance; 401(k) retirement plan; flexible spending and HSA accounts; paid holidays; paid time off; paid volunteer days; employee assistance program; tuition assistance; parental leave; military leave assistance; QTS scholarship for dependents; wellness program and other company benefits.
This position is bonus eligible.
We conform to all the laws, statutes and regulations concerning equal employment opportunities and affirmative action. We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status or any other characteristic protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.
QTS is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to and let us know the nature of your request and your contact information.
Required Experience:
Senior IC
QTS Realty Trust, LLC is a leading provider of data center solutions across a diverse footprint spanning more than 9 million square feet of owned mega scale data center space within North America and Europe. Through its software-defined technology platform, QTS is able to deliver sec ...