• Senior Analyst, Information Security & IT Vendor…

    Quality Technology Services, LLC (Ashburn, VA)


    Who We Are:

    It's pretty exciting, to find yourself standing in a pivotal moment in time. It’s even more exciting to be out front leading it. At QTS, our world-class data centers are supporting our customers most strategic growth initiatives, positioning us at the forefront of today’s dynamic digital transformation.

     

    As AI and cloud drive the demand for increased speed, capacity and capability, QTS has emerged as the global digital infrastructure leader, committed to connecting the world for good. Driven by purpose and fueled by a spirit of innovation, QTS designs, builds and operates some of the world’s most advanced, forward-thinking data centers. **QTS is a portfolio company of Blackstone.**

     

    QTS is **Powered by People** . People who play a vital role in our company’s culture, innovation and growth. People who are committed to contributing to the communities where we operate and work. People who are knowledgeable, resourceful and mission driven. Together, we do great things.

    Who You Are:

    The Senior Analyst, Information Security & IT Vendor Risk Management, will provide subject matter expertise in third-party security risk oversight, owning the platform used to manage IT vendors and executing key functions within the QTS Third-Party Risk Management (TPRM) program.

     

    This role ensures consistent application of security and compliance requirements across the vendor ecosystem, performs in-depth risk assessments, supports remediation of vendor-related cyber incidents or breaches, and drives continuous improvement in alignment with enterprise security strategy.

     

    This position reports to the Sr. Manager of TPRM and partners closely with Information Security, IT, Procurement, Legal, and Compliance stakeholders.

     

    This position is available in any of these three QTS locations: Overland Park, KS; Suwanee, GA; or Ashburn, VA.

    What You Will Do:

    + Own and administer the TPRM/Vendor Risk Management (VRM) platform used for vendor onboarding, due diligence, periodic assessments, issue management, ongoing monitoring, and off-boarding.

    + Lead security-focused risk assessments of IT and cloud vendors, analyzing controls for infrastructure, applications, privacy, and business continuity.

    + Support third-party incidents and breach remediation by coordinating with vendors and internal stakeholders to identify & validate impact, document response, and track corrective actions.

    + Monitor vendor performance and control effectiveness against recognized security frameworks (NIST, ISO 27001, SOC 2, HITRUST, CMMC, PCI DSS) and regulatory requirements (GDPR, HIPAA, etc.).

    + Create and maintain the risk register, maintain the vendor inventory and issue tracking with accurate, up-to-date information within the VRM platform.

    + Provide executive reporting on vendor risk posture, program metrics, incident & remediation status.

    + Partner with stakeholders to update standards, procedures, and controls, maturing the TPRM program to meet evolving cyber and regulatory requirements.

    + Liaise with internal and external auditors to manage IT security and compliance reviews tied to vendor controls.

    + Deliver training and awareness to stakeholders to strengthen risk management culture across business functions.

    + Stay updated on the latest security trends and threat intelligence.

    What You Need To Be Successful:

    + Bachelor’s degree required.

    + Minimum of 5 years of experience in IT security risk management, third-party/vendor risk management, or related fields.

    + Previous vendor management experience required

    + Understanding of security risks across IT operations, including application development, cloud infrastructure, and disaster recovery.

    + Proficient in applying security and compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HITRUST, GDPR, CMMC, and HIPAA.

    + Experience managing or administering vendor risk management (VRM/TPRM) or governance, risk, and compliance (GRC) platforms.

    + Skilled in evaluating SOC 2 reports, penetration test results, security questionnaires, and vendor security documentation.

    + Proven ability to assess risk and identify vulnerabilities through detailed risk reviews.

    + Demonstrated experience supporting third-party cyber incidents and breach response efforts.

    Knowledge, Skills & Abilities

    + Strong analytical and problem-solving skills with a focus on identifying security gaps and remediating vendor risks.

    + Highly organized, detail-oriented, and capable of managing multiple vendor reviews simultaneously.

    + Excellent written and verbal communication skills with ability to present technical risks in business terms.

    + Strong relationship management skills and ability to influence stakeholders across procurement, IT, security, and business functions.

    + Adaptable and agile, with the ability to respond quickly to new security threats, incidents, and regulatory changes.

    + High degree of confidentiality, integrity, and accountability.

    + Proficient in Microsoft Office tools; experience with vendor risk management platforms/GRC systems preferred.

     

    The Perks (and these are just a few!):

     

    + Employer Paid Benefits

    + 401K with Employer Match

    + QRest Sabbatical

    + Employee Stock Purchase

    + QTS scholarship for dependents

    + Eagle Club award trip eligibility

    + Paid volunteer days

    + Tuition assistance, parental leave and military leave assistance

     

    Total Rewards

     

    This role is also eligible for a competitive benefits package that includes: medical, dental, vision, life, and disability insurance; 401(k) retirement plan; flexible spending and HSA accounts; paid holidays; paid time off; paid volunteer days; employee assistance program; tuition assistance; parental leave; military leave assistance; QTS scholarship for dependents; wellness program, and other company benefits.

     

    This position is bonus eligible.

    \#LI-LS1

    We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action. We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.

    The "Know Your Rights" Poster is included here:

    Know Your Rights (English) (http://www.eeoc.gov/sites/default/files/2022-10/22-088\_EEOC\_KnowYourRights\_10\_20.pdf)

     

    Know Your Rights (Spanish)

    The pay transparency policy is available here:

    Pay Transparency Nondiscrimination Poster-Formatted (https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp\_%20English\_formattedESQA508c.pdf)

     

    QTS is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to [email protected] and let us know the nature of your request and your contact information.

     

    It’s exhilarating to find yourself at a pivotal moment in history— and even more so to be leading the way. At QTS Data Centers, we are proud to stand at the forefront of today’s dynamic digital transformation. Our world-class data centers empower our customers’ most strategic growth initiatives, positioning us as a global leader in digital infrastructure.

     

    As AI and cloud technologies fuel the demand for increased speed, capacity, and innovation, QTS has emerged as the global digital infrastructure leader. We are committed to connecting the globe for good. Driven by purpose and a spirit of innovation, we design, build, and operate some of the most advanced data centers worldwide. In addition to our cutting-edge technology, we are dedicated to sustainability, incorporating renewable energy solutions to minimize our environmental footprint and drive meaningful impact. As a proud portfolio company of Blackstone, QTS is uniquely positioned to achieve ambitious growth and innovation goals.

     

    At QTS, we are _Powered by People_ . Our team members are the cornerstone of our culture, innovation, and growth. They are mission-driven, resourceful, and committed to making a positive impact in the communities where we live and work. Together, we’re achieving remarkable things and shaping the future of digital infrastructure.

     

    And we’d like to invite you to join us.

    In addition to a variety of benefit packages, QTS goes above and beyond for our employees:

    + Roth and Traditional 401(k) matching contributions with immediate vesting

    + Every employee is bonus or commission eligible

    + Generous PTO, Paid Volunteer Days Plus Floating Holidays

    + Stock Purchase Plan (SPP)

    + 11 paid Holidays Annually/Holiday compensation when worked

    + Pet and Legal Insurance

    + Q-Rest Sabbatical Program

    + Q-Anniversary Service Award Program

    + Parental Leave for primary and secondary caregivers

    + Military Benefits Package

    + QTS Charitable Matching Gift Program

    + QTS Scholarship for Employee Dependents

    + QTS Crisis Fund

    + Wellness Program

    + Tuition Reimbursement Program