Third Party Risk Management Analyst 2

About The Position

Requirements

• Bachelor’s degree in Information Security, Information Technology, Business, Risk Management, or a related field or an equivalent combination of education and relevant work experience.
• 2–4 years of experience in third‑party/vendor risk management, IT risk, cybersecurity, compliance, or GRC.
• Experience reviewing SOC reports, security questionnaires, and vendor compliance evidence preferred.
• Familiarity with frameworks such as SOC 2, ISO 27001, NIST, PCI, and SIG beneficial.
• Strong analytical skills with the ability to interpret technical security documentation and identify risk gaps.
• Solid problem‑solving and decision‑making capabilities.
• Effective written and verbal communication skills, with the ability to explain risk concepts to non‑technical audiences.
• Ability to manage work independently while collaborating effectively across teams.
• High attention to detail with strong organizational and documentation skills.
• Ability to adapt to change and shifting priorities, consistent with Analyst II / mid‑level IC expectations.

Responsibilities

• Conduct inherent and residual risk assessments for new and existing third‑party vendors.
• Perform security, privacy, and compliance assessments using standardized questionnaires and industry frameworks (e.g., SOC 2, SIG, ISO 27001, NIST).
• Review and analyze vendor‑provided documentation and evidence for adequacy, completeness, and control effectiveness.
• Document assessment results, identify risk gaps, and recommend remediation actions aligned with defined standards.
• Ensure assessments are completed in accordance with internal procedures and execution expectations.
• Track vendor remediation plans and validate closure of corrective actions.
• Monitor high‑risk vendors for changes in risk posture, control effectiveness, or material issues.
• Maintain centralized records, reporting, and dashboards to support ongoing oversight.
• Support periodic vendor reviews and recurring reassessment cycles.
• Contribute to updates of TPRM procedures, workflows, and program documentation.
• Support internal and external audits by gathering evidence and documenting processes.
• Ensure program activities align with Choice’s governance standards and risk expectations.
• Partner with Legal, Procurement, Technology, Privacy, and business units to determine appropriate risk requirements for vendor engagements.
• Communicate assessment results, risk issues, and required next steps clearly to stakeholders.
• Provide guidance to internal partners on vendor intake forms and required risk documentation.
• Participate in vendor onboarding and review meetings as needed.
• Stay current on third‑party risk trends, regulatory requirements, and industry best practices.
• Identify incremental improvements to assessment workflows and vendor experience.
• Pursue relevant TPRM, information security, or GRC training and certifications to support professional growth.

Benefits

• Competitive compensation and benefits, including medical, dental, and vision coverage
• Leave and paid time-off for holidays, vacation, personal, family, volunteer, sick, jury duty, bereavement, military, and religious observance
• Financial benefits for retirement and health savings
• Employee recognition programs
• Discounts at Choice hotels worldwide