About The Position

The Third-Party Risk Senior Analyst is responsible for leading the assessment, monitoring, and mitigation of risks associated with the organization's third-party relationships. This role will work cross-functionally with cybersecurity, legal, procurement, compliance, and business stakeholders to ensure vendors meet the company’s security, privacy, regulatory, and operational resilience standards. The ideal candidate will leverage industry best practices, risk quantification methodologies (e.g., FAIR), AI-driven assessment tools, and threat intelligence to strengthen third-party oversight across the enterprise.

Requirements

  • 4 years of experience in information security or equivalent military experience.

Nice To Haves

  • Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work experience in a related field).
  • IT experience in the retail industry.
  • Experience with Open-Source Intelligence (OSINT) tools and investigations.
  • Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management.
  • Experience conducting information security risk assessments of vendors and vendor software.
  • Hands-on experience with GRC applications and TPRM tools such as Archer, LogicGate, SAP GRC, OneTrust, ProcessUnity, ServiceNow, BitSight, Prevalent, Black Kite, etc.
  • Retail business experience.
  • Experience with open-source tools.
  • Experience with Vulnerability Management in Public/Hybrid cloud environments.
  • Understanding of Secure Software Lifecycle Development.
  • Relevant information security certifications (CISSP, CISM, CISA, CRISC, CTPRP, CTPRA, Security+, etc.).

Responsibilities

  • Conduct Risk Assessments to evaluate third parties (vendors, partners, suppliers) for information security and operational risks.
  • Review Security Documentation including SOC reports, ISO certifications, SIG questionnaires, and other compliance materials.
  • Continuously monitor third-party performance and security standing using internal tools and threat intelligence platforms.
  • Support onboarding and periodic reviews of third parties to ensure compliance with regulatory and company standards.
  • Work closely with procurement, legal, InfoSec, and compliance to assess and manage vendor risk throughout the lifecycle.
  • Track and maintain an accurate inventory of third parties and associated risks.
  • Identify gaps and work with internal stakeholders and vendors to remediate control deficiencies.
  • Create dashboards and reports to communicate risk findings, trends, and remediation status to leadership.
  • Research emerging threats (cybersecurity, geopolitical, regulatory) that may impact third-party relationships.
  • Ensure assessments align with risk frameworks (e.g., NIST, ISO, FAIR, SIG) and regulatory requirements (e.g., GDPR, CCPA).

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

Bachelor's degree

Number of Employees

5,001-10,000 employees
