Third-Party Risk Analyst

Salary- $90K/yr - $120K/yr
Remote
Posted 4 weeks ago

Job Summary

We are seeking a detail-oriented Third-Party Risk Analyst to evaluate, monitor, and manage risks associated with vendors, suppliers, business partners, and external service providers. The ideal candidate will support the organization’s Third-Party Risk Management (TPRM) program by conducting risk assessments, ensuring regulatory compliance, and identifying potential cybersecurity, operational, financial, and compliance risks across the vendor ecosystem.

This role collaborates with Procurement, Information Security, Legal, Compliance, Privacy, and Business teams to strengthen vendor governance and minimize organizational risk exposure.


Key Responsibilities

Vendor Risk Assessment

  • Conduct comprehensive third-party risk assessments for new and existing vendors.
  • Evaluate vendor security controls, compliance posture, and operational resilience.
  • Review security questionnaires, SOC reports, audit reports, and risk documentation.
  • Perform inherent and residual risk analysis.

Risk Monitoring & Due Diligence

  • Monitor vendor risk throughout the vendor lifecycle.
  • Identify and assess cybersecurity, operational, legal, privacy, and financial risks.
  • Track remediation plans and vendor corrective actions.
  • Maintain vendor risk registers and assessment records.

Compliance & Regulatory Support

  • Ensure compliance with industry regulations and standards.
  • Support audits related to third-party risk management.
  • Assist in developing vendor governance policies and procedures.
  • Evaluate vendor compliance with contractual security requirements.

Reporting & Stakeholder Management

  • Prepare risk assessment reports and executive summaries.
  • Present findings and recommendations to management.
  • Collaborate with procurement and business units during vendor onboarding.
  • Support risk committees and governance meetings.

Continuous Improvement

  • Improve third-party risk assessment methodologies.
  • Automate vendor risk management processes where possible.
  • Monitor emerging risks and industry best practices.
  • Contribute to enterprise risk management initiatives.

Required Qualifications

Education

  • Bachelor’s degree in Cybersecurity, Information Technology, Information Security, Risk Management, Business Administration, or related field.

Experience

  • 3+ years of experience in Third-Party Risk Management (TPRM), Vendor Risk Management, Cybersecurity Risk, Compliance, or Information Security.
  • Experience reviewing vendor security documentation and audit reports.
  • Familiarity with enterprise risk management frameworks.

Technical Skills

  • Third-Party Risk Management (TPRM)
  • Vendor Risk Assessment
  • Cybersecurity Risk Analysis
  • Risk Registers & Risk Scoring
  • Security Questionnaires
  • Vendor Due Diligence
  • Contract Risk Review
  • Data Privacy Assessments
  • Risk Reporting & Governance

Frameworks & Standards

  • NIST Cybersecurity Framework
  • NIST 800-53
  • ISO 27001
  • SOC 2
  • PCI-DSS
  • HIPAA
  • GDPR
  • CCPA

Tools

  • Archer
  • OneTrust
  • ServiceNow GRC
  • LogicGate
  • RSA Archer
  • Jira
  • Microsoft Excel & Power BI

Preferred Certifications

  • ISC2 CISSP
  • ISACA CISM
  • ISACA CRISC
  • Shared Assessments Certified Third-Party Risk Professional (CTPRP)
  • CompTIA Security+

Preferred Skills

  • Strong analytical and risk assessment capabilities.
  • Excellent written and verbal communication skills.
  • Ability to manage multiple vendor assessments simultaneously.
  • Experience working with cross-functional teams.
  • Knowledge of cybersecurity controls and cloud security practices.
  • Strong stakeholder management and presentation skills.

Job Features

Job CategoryCyber Security

Apply For This Job

A valid phone number is required.