Security Assurance Analyst-TPRM

Sorenson, Salt Lake City, UT

About The Position

The Security Assurance Analyst-TPRM will be responsible for leading, processing, and executing Third Party Risk Management (TPRM) and supply chain security assessments on prospective and existing vendors. This encompasses identifying and tracking remediation action plans, performing remote investigative questioning or audits, and conducting in-person on-site security reviews at the vendor location. This role plays a key part in protecting the organization from supply chain risks by evaluating vendor security postures, identifying control gaps, and ensuring compliance with regulatory and industry frameworks. Additionally, you will contribute to the testing and validation of security and IT controls, support internal security assurance initiatives, and assist in compliance activities related to SOC 2, ISO 27001, NIST, or other applicable frameworks and industry best practices. This role participates in and/or conducts the following, among other duties: raising the level of security awareness among employees, including awareness of vendor integration risks; delivering individual and group training on vendor relationship owner duties; issuing and evaluating security questionnaires to third parties; reviewing external vulnerability testing, including audit reports and auditor assessments; assisting with creating or updating security policies; supporting other internal and external auditor activities; raising internal documentation standards; and moving the organization toward mitigation of information security risks.

Requirements

  • 4-year/Bachelor's degree in a related field.
  • Minimum certification: one or more of the following: CISSP, CRISC, CISA, CISM, or equivalent.
  • 3 years' experience in third-party risk management, vendor security assessments, and supply chain risk evaluations, including both physical and cyber risks.
  • 2 years' experience in IT security assurance, auditing, and controls testing, and in supply chain operations, logistics, and procurement processes.

Nice To Haves

  • Preferred certification: one or more of the following: CSCP or CRISC.
  • Experience with GRC tools (e.g., Archer, LogicGate, OneTrust, ServiceNow, or similar) is a plus.

Responsibilities

  • Conduct security risk assessments of third party vendors, including SaaS providers, cloud services, and critical business partners.
  • Evaluate vendor security controls, certifications, and attestations (e.g., SOC 2, ISO 27001, SIG, CSA STAR).
  • Identify security risks, document findings, and work with vendors on remediation plans.
  • Perform on-site security reviews and audits of critical third parties as needed.
  • Maintain and enhance the Third Party Risk Management (TPRM) framework, aligning with industry best practices.
  • Partner with Procurement, Privacy, Legal, Software Intake, Vendor Relationship Owners, and other business teams to integrate security risk considerations into vendor selection and contract negotiations.
  • Perform annual re-validation of high-risk vendors to ensure compliance.
  • Review lower risk-rated vendors on recurring cadences.
  • Maintain TPRM policies and job aids.
  • Train co-workers on processes, practices, and their TPRM responsibilities.
  • Execute security and IT control testing to validate compliance with regulatory requirements and internal policies.
  • Support enterprise compliance efforts.
  • Assess cybersecurity policies, processes, and controls for effectiveness and alignment with industry frameworks.
  • Assist in maintaining security documentation and audit artifacts to support internal and external audits.
  • Perform information security assessments, compliance gap analyses, and risk assessments as needed.
  • Administer TPRM processes in the enterprise GRC platform.
  • Conduct comprehensive supply chain risk assessments, identifying vulnerabilities and developing mitigation strategies.
  • Develop and implement strategies to enhance supply chain resilience, including diversification of suppliers and maintaining inventory buffers.
  • Collaborate with procurement and logistics teams to ensure continuity of supply during disruptions.
  • Assess and manage cyber risks associated with the supply chain, including risks from third-party software and hardware.
  • Analyze, recommend, and monitor cybersecurity measures to protect against supply chain attacks.
  • Collaborate with Technology, IT Security, Engineering, Privacy, Risk Management, and other assurance or compliance teams to align third party risk management with enterprise security objectives.
  • Prepare and deliver risk assessment reports, security scorecards, and executive summaries.
  • Generate and QA third party risk metrics (KRIs/KPIs) and provide periodic reporting to leadership.
  • Cross-train with team members.
  • Train end-users and manage the work of those submitting vendor requests.

Benefits

  • Paid Vacation Time and Paid Sick Time and Paid Holidays
  • 401k 6% match with immediate vesting
  • Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
  • TeleDoc HSA company match
  • 3 Medical plan options including a Low Deductible PPO Medical Plan Offering
  • Employee Assistance Program
  • Engaged Employee Resource Groups
  • Outstanding Learning and Career Development Opportunities


What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Professional, Scientific, and Technical Services
  • Education Level: Bachelor's degree

© 2024 Teal Labs, Inc