Sr. Vendor Risk Management Analyst

Job description

As a Third-Party Risk Analyst, you will play a critical role in assessing and managing the risks associated with our third-party relationships. You will work closely with various stakeholders across the organization to evaluate the security and compliance risks posed by third-party vendors and partners.

About the Role:

• Conducting risk assessments of third-party vendors and partners to identify potential security, compliance, and operational risks.
• Reviewing and analyzing third-party contracts, agreements, and security documentation to ensure alignment with TRs risk management policies and standards.
• Developing and implementing risk mitigation strategies and controls to address identified risks and vulnerabilities.
• Monitoring and tracking third-party risk metrics and performance indicators to ensure ongoing compliance and effectiveness of risk management measures.
• Collaborating with cross-functional teams, including Legal, Compliance, IT Security, and Procurement, to address third-party risk issues and concerns.
• Providing guidance and support to internal stakeholders on third-party risk management best practices and procedures.
• Staying informed about emerging trends, threats, and regulatory requirements related to third-party risk management.

About You:

• Bachelor s degree in information technology, or related field.
• 5-7 years of experience in risk management, vendor management, or related field.
• Strong understanding of risk management principles, practices, and methodologies.
• Knowledge of relevant regulations, standards, and frameworks (e.g., GDPR, ISO 27001, NIST Cybersecurity Framework).
• Excellent analytical, problem-solving, and decision-making skills.
• Effective communication and interpersonal skills, with the ability to collaborate and influence stakeholders at all levels of the organization.
• Certifications such as Certified Third-Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM), ISO 27001 LA are a plus.
• Experience with third-party risk management tools and platforms is desirable.