Senior Analyst, Third-Party Risk Management

Royal Caribbean Cruises Ltd, Miami, FL
Onsite

About The Position

We are seeking a highly skilled and experienced Third-Party Risk Management (TPRM) Senior Analyst to join our Global Information Security (GIS) Information Risk Management (IRM) team. The ideal candidate will be responsible for assessing, monitoring, and mitigating cybersecurity risks associated with third-party vendors and partners. This position ensures that external parties comply with organizational security standards and regulatory requirements, reducing exposure to potential threats and vulnerabilities. The ideal candidate will have strong analytical skills, deep knowledge of cybersecurity frameworks, and experience in third-party risk management programs.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or related field.
  • 3-4 years in cybersecurity risk management, with at least 2 years focused on third-party/vendor risk.
  • Strong understanding of risk assessment methodologies and regulatory frameworks.
  • Proficiency in risk management tools and platforms.
  • Excellent analytical, communication, and stakeholder management skills.
  • Ability to interpret technical security controls and translate them into business risk impact.
  • Strong understanding of information security frameworks (e.g., NIST CSF, ISO 27001).

Nice To Haves

  • Relevant certifications preferred (e.g., CISSP, CISM, CRISC).
  • Proficiency in GRC and TPRM platforms (e.g., OneTrust, ServiceNow GRC preferred) and risk assessment tools.

Responsibilities

  • Conduct comprehensive cybersecurity risk assessments for new and existing vendors.
  • Evaluate vendor security posture against industry standards (e.g., NIST, ISO 27001, CIS).
  • Maintain ongoing monitoring of third-party risks using tools and platforms (e.g., BitSight, OneTrust).
  • Develop and present risk reports to leadership, highlighting critical findings and remediation plans.
  • Ensure third-party engagements comply with internal security policies and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS).
  • Collaborate with Legal and Procurement teams to integrate security requirements into contracts and SLAs.
  • Work with vendors to address identified gaps and track remediation progress.
  • Escalate high-risk findings and recommend risk treatment strategies.
  • Support the enhancement of the TPRM program, including process improvements and automation.
  • Assist in developing risk scoring methodologies and vendor tiering models.
  • Partner with internal teams (IT, Compliance, Procurement) to align risk management objectives.
  • Provide guidance and training on third-party risk best practices.