Third Party Risk Analyst

About The Position

Requirements

• Bachelor's degree in computer science, information systems, or related fields, or equivalent work experience.
• 3 years of experience performing cyber security assessments, specifically third-party assessments using a NIST-based framework.
• Experience with compliance and security audits, and risk mitigation plans.
• Understanding of various risk and security certifications and attestations (SOC2, ISO 27001, etc.).
• In-depth understanding of cyber security principles, concepts, and best practices.

Nice To Haves

• Industry recognized certifications within information security (e.g., CISSP, GIAC, CISM, CISA, CTPRP, CCSP).
• Familiarity with third party risk and governance concepts.
• Advanced use of cyber security assessment tools and external vendor information sources.

Responsibilities

• Conduct comprehensive third-party cyber security assessments utilizing a NIST-based framework.
• Evaluate the security posture of third parties to identify vulnerabilities, gaps, and areas of non-compliance.
• Generate detailed reports that provide in-depth analysis of assessment findings, including identified risks and recommended remediation actions.
• Engage with customers and stakeholders to communicate assessment results and collaborate on remediation actions.
• Review and interpret results of vendor audit reports and identify deficiencies for remediation.
• Provide coordination and reporting for third-party risk activities including vendor outreach related to cybersecurity breaches.
• Lead process improvement discussions and present outcomes to senior management.
• Participate in project development surrounding new processes and their integration.

Benefits

• Health insurance
• Dental insurance
• 401k retirement plan
• Paid holidays
• Professional development opportunities