TPRM Analyst, Info Sec

Fanatics Inc. - New York, NY

About The Position

We are seeking a detail-oriented, analytical, and highly motivated Senior/Staff Analyst to support and scale our Information Security Third-Party Risk Management (TPRM) program. This role will play a key part in assessing, monitoring, and mitigating risks associated with third-party vendors. You will use our new modern, AI-powered TPRM platform to assess risk, analyze vendor responses and artifacts, and drive practical informed recommendations. You will partner closely with cross-functional teams, including Legal, Procurement, Information Security, and business stakeholders to enable risk-informed decisions and strengthen our overall third-party risk posture.

Your Impact

  • Strengthen Resilience: Directly contribute to the security and resilience of the organization by developing and supporting a robust third-party risk management framework
  • Drive Compliance: Ensure third-party relationships adhere to company policies, regulatory requirements, and industry best practices
  • Enable the Business: Partner with business units to support risk-aware decision-making, enabling effective supplier engagement while safeguarding the organization

Requirements

  • Deep experience in Information Security Third-Party Risk Management, Risk Management, GRC Compliance, or a related field
  • Strong analytical skills with the ability to identify, assess, and resolve complex issues
  • Familiarity with risk management frameworks (e.g., NIST, ISO) and vendor risk best practices
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams
  • High level of professionalism, integrity, and commitment to accuracy and thoroughness
  • A risk-focused, outcomes-focused mindset: you know how to balance thoroughness with speed, and you're comfortable prioritizing efforts to address the most critical risks and moving quickly in a fast-paced business without compromising control integrity
  • Comfortable working with technology platforms and AI-assisted tooling (you don't need to be technical, but you should be curious and adaptable)

Responsibilities

  • Perform thorough due diligence reviews with the assistance of our AI-powered platform, including risk questionnaires, documentation analysis, and standard supplier due diligence assessments
  • Ensure all third-party due diligence artifacts and supporting documentation are properly captured and maintained in the TPRM platform
  • Evaluate third-party controls and documentation (e.g., SOC reports, policies, certifications)
  • Coordinate closely with other Information Security (e.g., security architecture / engineering, and subsidiary GRC) teams throughout the business to further assess third-party solutions as needed
  • Advise business and stakeholders on third-party risk
  • Continuously monitor third-party cyber posture, including ransomware susceptibility, breach likelihood, and other open-source intelligence signals using our modern cyber rating platform
  • Triage alerts and escalate early warnings as appropriate
  • Develop and manage corrective action plans and control documentation for identified risks and/or issues
  • Track and evaluate vendor remediation efforts to ensure timely and effective resolution, working with business owners to address underperformance or emerging concerns
  • Conduct periodic and event-driven reassessments of third parties based on risk and criticality
  • Ensure secure third-party offboarding, including data handling, access revocation, and closure of contractual and security obligations
  • Collaborate with business units, Legal, Information Security, and other risk subject matter experts to address and mitigate identified risks
  • Support internal, customer, and third-party audits related to supplier risk and compliance
  • Contribute to the development and enhancement of TPRM policies, standards, and procedures
  • Create and implement scalable solutions for supplier tracking, monitoring, and compliance
  • Stay current on industry trends, emerging risks, and regulatory changes impacting third-party relationships

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees
