Information Security GRC Third-Party Risk analyst

OneTrust
Madrid
EUR 50.000 - 70.000
Job description

The Challenge

The Security Third Party Risk Analyst will play a crucial role in ensuring that our organization maintains a robust security posture by assessing, managing, and mitigating risks associated with third-party vendors and service providers.

Your Mission

The successful candidate will be responsible for conducting thorough risk assessments, monitoring compliance, and collaborating with various stakeholders to ensure that our third-party relationships align with our security policies and standards.

Risk Assessment and Analysis:

  • Conduct comprehensive security risk assessments of third-party vendors and service providers.
  • Identify potential security vulnerabilities and threats in third-party environments.
  • Evaluate the effectiveness of third-party security controls and recommend necessary improvements.
  • Analyze third-party risk data to identify trends and emerging threats.
  • Work within the OneTrust platform on a daily basis to monitor, track, document, and analyze risks.
  • Create repeatable metrics for OneTrust's risk posture.
  • Become the technical Subject Matter Expert within the OneTrust TPRM platform (from implementation to maintenance).
  • Collaborate with Information Security to establish reporting processes for risks and exceptions.
  • Support the overall ERM function.

Vendor Management:

  • Collaborate with procurement and legal teams to ensure that security requirements are included in third-party contracts.
  • Monitor third-party compliance with contractual security obligations and industry standards.
  • Maintain an up-to-date inventory of all third-party vendors and their associated risks.
  • Facilitate regular security reviews and audits of third-party vendors.

Policy and Compliance:

  • Perform regular security audits to ensure compliance with internal policies and external regulations.
  • Assist in the creation and maintenance of security policies, procedures, and protocols.
  • Support customer audits as needed.

You Are

A team player who can work well within the GRC team.

  • Critical Thinking: Ability to think critically and strategically about potential security threats and solutions.
  • Proactivity: Proactive approach to identifying and mitigating risks before they become issues.
  • Team Collaboration: Strong teamwork and collaboration skills to work effectively with cross-functional teams.
  • Adaptability: Ability to adapt to changing security landscapes and emerging threats.
  • Efficient: Facilitate and manage multiple questionnaires and due diligence activities simultaneously.
  • Organized: Maintain a high level of organization to manage multiple tasks and projects effectively.
  • A Trusted Advisor: Serve as a reliable advisor to stakeholders, providing expert guidance on security matters.
  • A Relationship Builder: Ability to listen and to build rapport and credibility as a partner, both vertically and horizontally.
  • A Technical Innovator: Possess the ability to become a technical SME in the OneTrust platform and create and manage your own assessments and workflows.
  • Value Driven: You are detail-oriented with an eye for quality.
  • Ability to execute given high-level direction.
  • Asks good questions and is always learning.

Your Experience Includes:

  • Deep understanding of information security frameworks, risks, and mitigation strategies.
  • Deep understanding of the technical aspects surrounding risks to the organization.
  • Understanding of applicable laws and regulations, including but not limited to GDPR, CCPA, PCI-DSS, SOC 2, ISO, and FedRAMP.
  • Working knowledge of security risk management methodologies and procedures.
  • Working knowledge of third-party security risk management methodologies and procedures.
  • Understanding of the different types of sensitive data and the classifications of that data.
  • Understanding of technology domains including governance, risk management, security, privacy, information technology, and business continuity.
  • Bachelor’s degree; or 5-8 years of equivalent work experience.