Sr Third Party Risk Analyst (TPRM)

HealthEquity
Remote

About The Position

At HealthEquity, we’re obsessed with protecting what matters most: our members’ health and financial wellbeing. As a Senior Third Party Risk Analyst, you’ll play a critical role in ensuring the security, resilience, and integrity of the partners and technologies powering our platform. This is more than a compliance role. You’ll be at the intersection of cybersecurity, emerging AI risk, and operational excellence, helping evolve our Third Party Risk Management (TPRM) program to meet the pace of a fast‑moving, highly regulated environment. If you enjoy solving complex problems, improving systems through automation, and making meaningful impact at scale — this role was built for you. HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related technical field.
  • 5+ years of combined experience in information security, cybersecurity, or technical/analytical roles.
  • Experience operating in fast‑paced, high‑accountability environments where prioritization and time sensitivity matter.
  • 2–5 years of hands‑on cybersecurity experience, ideally within financial services or healthcare.
  • Strong understanding of security and AI control frameworks, such as: NIST Cybersecurity Framework (CSF), NIST AI Risk Management Framework (AI RMF), ISO 42001.
  • Prior experience with TPRM / GRC platforms, including tools such as Vanta, Archer, or ServiceNow.
  • Familiarity with cybersecurity risk rating services (e.g., RiskRecon, SecurityScorecard, BitSight).
  • Working knowledge of audits, regulatory exams, and attestations, including SOC 2 Type II, ISO 27001, HITRUST, and similar frameworks.
  • Ability to review and interpret technical evidence demonstrating cybersecurity validation and compliance (e.g., SCA, SAST, DAST, penetration testing).
  • Excellent written and verbal communication skills, with the ability to translate between technical and non‑technical audiences.
  • Experience reviewing technical policies and contributing to standard operating procedures.
  • Strong command of the Microsoft ecosystem, including PowerPoint, Excel, Word, SharePoint, and Power BI.
  • Demonstrated ability to use AI solutions securely and effectively, such as Microsoft Copilot, Gemini, Anthropic, or ChatGPT, to improve workflows and outcomes.
  • One or more cybersecurity certifications, such as CISSP, CISA, CISM, CRISC, or equivalent.
  • Demonstrated understanding of cybersecurity and AI governance frameworks, including NIST CSF and NIST AI RMF.

Responsibilities

  • Conduct risk assessments for critical and operationally significant third‑party entities, including cloud service providers, SaaS platforms, technology partners, and infrastructure providers.
  • Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle.
  • Stay ahead of emerging risks, including generative and agentic AI, and evolving regulatory expectations across financial services and healthcare.
  • Partner closely with cross‑functional teams such as Procurement, Legal, Privacy, Security, AI Governance, and vendor business owners to manage third‑party risk holistically.
  • Develop and maintain key risk and performance metrics that demonstrate progress and maturity within the TPRM program.
  • Lead efforts to automate repetitive and high‑volume processes, leveraging advancements in AI to increase efficiency, quality, and speed.
  • Introduce and evaluate AI‑enabled tools to enhance risk clarity, improve signal‑to‑noise, and scale the program responsibly.
  • Support other TPRM and governance activities as needed, contributing to a culture of continuous improvement.

Benefits

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Uncapped paid time off
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives
  • HealthEquity covers all required travel and accommodations for Trailhead onboarding.