Third party risk

4 - 8 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn


Work Mode: On-site

Job Type: Full Time

Job Description

TPRM Analyst 4 to 8 Years

Role Summary: Cyber Risk Analyst to support and strengthen our enterprise cyber risk management program. The ideal candidate will be responsible for conducting risk and criticality assessments, maintaining the risk register, tracking mitigation efforts, and generating actionable risk reports to support leadership decision-making.

Key Responsibilities:

Execute risk-based assessments of third-party vendors to evaluate cybersecurity posture, data protection measures, and compliance with organizational and regulatory standards.

Maintain and update a centralized third-party inventory, including criticality ratings and assessment status.

Collaborate with business owners and procurement teams to understand the nature and scope of third-party engagements.

Issue and analyze security questionnaires (e.g., SIG Lite, CAIQ) and supporting documentation to identify control gaps and risks.

Provide actionable risk mitigation recommendations to business stakeholders and vendors.

Monitor remediation efforts and track open findings to closure; escalate overdue or high-risk issues as needed.

Contribute to the continuous improvement of the TPRM framework, including policies, procedures, assessment methodologies, and risk scoring models.

Generate regular reports and dashboards on third-party risk posture, trends, and compliance metrics for management and stakeholders.

Support annual reviews of third-party security requirements, contractual clauses, and due diligence processes.

Stay informed on emerging risks, regulatory changes, and best practices related to third-party and supply chain risk.



Strong knowledge of TPRM lifecycle, risk frameworks (e.g., NIST, ISO 27001, SIG Lite), and contract/vendor governance.

Strong understanding of risk assessment methodologies, cybersecurity controls, and vendor lifecycle management.

Familiarity with common frameworks (e.g., NIST CSF, ISO 27001, SIG, SOC 2, GDPR, HIPAA).

Proficient in GRC or TPRM platforms (e.g., ProcessUnity, Archer, OneTrust, ServiceNow GRC).

Excellent analytical, communication, and stakeholder management skills.

Ability to interpret technical and non-technical information and communicate risks effectively.
