TPRM Sr. Risk Analyst -

Job Description

Description: The Third-Party Risk Management (TPRM) Sr. Analyst will coordinate with IT stakeholders, project managers, and business owners to facilitate vendor risk assessments and assist with the negotiation of cybersecurity requirements in third party contracts. This role will be responsible for collaborating with vendors for responses to TPRM vendor assessments, perform third-party risk assessments in a timely manner, and facilitate the risk sign-off in accordance with an established set of processes. Key Responsibilities: Follow the established procedures for assessing cybersecurity risks of a third party. Evaluate third party maturity using ISO, the Cybersecurity Maturity Model Certification, NIST, GDPR and other industry framework standards and best practices. Evaluate compliance to key control requirements. Ensure required risk management activities and control weaknesses are identified prior to contract execution with third party provider, or appropriate risk acceptance is documented and approved in third-party risk platform. Monitor closure of issues, risks identified, risk decision and mitigation plans per issues management process. Perform periodic, ongoing risk assessments of vendors. Ensure third party contracts and agreements include appropriate cybersecurity terms. Refine and mature TPRM processes over time, in conjunction with Management. Preferred Experience: Have 3 or more years of experience in TPRM, risk assessments, and/or internal IT control testing/ IT audits. Have working knowledge of information security and risk frameworks/standards (i. e. ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM and Shared Assessments SIG) and cloud security practices. Possess strong communication skills (both written and verbal). Possess strong interpersonal skills and can adapt information based on the audience. Be able to handle confidential information in a professional manner. Have the ability to recognize and communicate potential control related issues in a timely manner. Be a strong team player and able to work effectively with colleagues and management. Be highly organized and self-reliant, with the ability to multi-task. Have excellent process and time management skills. Able to appropriately identify issues and raise them to management by paying close attention to detail. Have the ability to listen effectively and communicate with honesty. Be able to acquire and evaluate data.