How to Recruit the Right Analysts for Your InfoSec Team

June 29, 2022

When it comes to building the ultimate InfoSec team to tackle every risk assessment, questionnaire, and response that comes your way, where should you start? While every role on any team is unique and delivers value, one unsung hero of an InfoSec team stands above the rest—the vendor risk analyst.


How analysts contribute to vendor risk management

Most vendor risk analysts are "jacks of all trades" when it comes to their positions on an InfoSec team. From identifying potential risk areas to developing contingency plans for unexpected emergencies, analysts are the boots on the ground when dealing with vendor data and with exactly how a vendor’s information can be shared with or received by your organization.

Several specific duties of an analyst on an InfoSec team include:

  • Reviewing inbound vendor questionnaires and/or assessments against internal requirements
  • Measuring, grading, and publishing the risk of a specific decision
  • Gathering and documenting security best practices and publishing recommended controls for both internal and external stakeholders


How to find the right analysts for your team

There are two main areas you should focus on when recruiting new analysts to join your team: the traits and experience of the applicants, and where you are finding these new applicants. First, let’s look at what traits, skills, and other qualities to consider in an analyst. While these applicants must be highly analytical, good at working with large amounts of data, and quick to solve critical problems, they should also be flexible and able to work around issues. The ability to tackle analytical problems with a creative mindset is an unsung trait of any successful vendor risk analyst.

When it comes time to look for a new analyst to join your InfoSec team, where you find this person can predict the level of success they will have at your organization. While job sites like LinkedIn and Indeed are always an excellent place to start, hiring a new analyst is a great time to tap into your extensive InfoSec network. Finding an experienced analyst (or even someone just starting in their career who shows promise) and having a referral from a trusted colleague or peer means you and your new analyst can enter into your professional relationship with some established trust.


Want to learn more?

Developing a modern, scalable, and strategic vendor risk management strategy doesn’t happen overnight. Whether you’re looking to optimize your existing vendor risk processes or build a vendor risk management strategy from the ground up with the right analysts as a part of the team, Whistic can help with a vendor risk management solution built specifically to tackle today’s cloud-based, open-source data-sharing world.

Whistic makes it easy to get your InfoSec team on track—and gives your analysts the tools they need to be more successful in their position. You can get started and learn more about Whistic here.
