Third Party Risk Management Analyst

Legend Biotech US, Somerset, NJ
Onsite

About The Position

Legend Biotech is a global biotechnology company dedicated to treating, and one day curing, life-threatening diseases. Headquartered in Somerset, New Jersey, we are developing advanced cell therapies across a diverse array of technology platforms, including autologous and allogeneic chimeric antigen receptor T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based immunotherapy. From our three R&D sites around the world, we apply these innovative technologies to pursue the discovery of safe, efficacious and cutting-edge therapeutics for patients worldwide.

Legend Biotech entered into a global collaboration agreement with Janssen, one of the pharmaceutical companies of Johnson & Johnson, to jointly develop and commercialize ciltacabtagene autoleucel (cilta-cel). Our strategic partnership is designed to combine the strengths and expertise of both companies to advance the promise of an immunotherapy in the treatment of multiple myeloma.

Legend Biotech is seeking a Third Party Risk Management Analyst as part of the IT team based in Somerset, NJ.

Role Overview

The ideal candidate is experienced with information security industry Third Party Security Risk Management (TPSRM) best practices, modern automation and security tools. We are looking for someone with a security mindset who "thinks like an attacker". This position will support Legend’s TPSRM security, data privacy, and AI vendor assessment program. The analyst will collaborate with business unit stakeholders in the US and EU to perform assessments and communicate the vendor risk remediations identified, act as a subject matter expert on TPSRM with responsibility for independently reviewing and assessing vendor risks, and build strong relationships with key stakeholders: the Legal, Compliance and Procurement units.

Requirements

  • A minimum of a Bachelor’s Degree in a relevant discipline; an advanced degree is preferred.
  • A minimum of 5+ years of relevant working experience in TPSRM, or third-party experience at a public accounting company.
  • Ability to oversee and execute TPSRM process.
  • Champion the importance of TPSRM principles to all stakeholders.
  • Flexible, nimble leadership style that can shift quickly to new priorities and deliver outcomes based on Business needs.
  • Results-focused with an unrelenting push toward delivering value through standardization and ongoing improvements aligned with Business needs.
  • Experience with GDPR, CCPA, PIPL and other International Privacy regulations.

Nice To Haves

  • Preferred Certifications: CISA, CISSP, CRVPM.

Responsibilities

  • Execute vendor management processes to optimize relationships with vendors and deliver best results, aligned to business risk mitigation.
  • Manage scheduling and execution of assessments (cybersecurity, privacy, AI, security design questionnaire).
  • Evaluate key information security risks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, security logging and monitoring, security incident response, and defense in depth strategies.
  • Define appropriate risk levels and corrective actions for issues identified. Formally communicate risks identified and remediation accepted by the business.
  • Ensure all third-party risk assessments, findings, recommendations, and remediation actions are thoroughly documented.
  • Engage in post-assessment activities including validation of initial findings with management and the business unit, and follow-up on risk remediations and mitigation.
  • Maintain security risk register, vendor tier listing, and reassess vendors on the defined TPSRM schedule.
  • Serve as a subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties.
  • Maintain and enhance continuous assessment tool usage and continuous improvement initiatives (assessment/reassessment timeliness, risk remediation rate, reduction in residual risk).
  • Collaborate closely with the Procurement Team and business owners.
  • Provide supporting TPSRM documentation for assessment and audit.
  • Hold kickoff meetings with vendors and Third-Party Managers to identify technologies used and define the assessment scope.
  • Request, review, and validate vendor assessments and supporting documents to determine residual risk, vendor tiering, and corrective actions.
  • Clearly justify and document the rationale between the inherent and residual risk ratings.
  • Deliver assessment results, risk levels, and recommendations to Business Owners; report issues and corrective actions to third parties.

Benefits

  • Benefits include medical, dental, and vision insurance as well as a 401(k) retirement plan with a company match that vests fully on day one.
  • We offer eight (8) weeks of paid parental leave after just three (3) months of employment, and a paid time off policy that includes vacation time, personal time, sick time, floating holidays, and eleven (11) company holidays.
  • Additional benefits include flexible spending and health savings accounts, life and AD&D insurance, short- and long-term disability coverage, legal assistance, and supplemental plans such as pet, critical illness, accident, and hospital indemnity insurance.
  • We also provide commuter benefits, family planning and care resources, well-being initiatives, and peer-to-peer recognition programs, demonstrating our ongoing commitment to building a culture where our people feel empowered, supported, and inspired to do their best work.