We're looking for a highly motivated and detail-oriented Third Party Risk Management (TPRM) Analyst to join our Governance, Risk, and Compliance (GRC) organization. In this role, you will be a key contributor to the security of our supply chain by leading complex risk assessments. You'll be responsible for the full lifecycle of third party risk management, including vendor intake, due diligence, ongoing monitoring and offboarding. The ideal candidate will have a proactive approach to problem-solving and a strong understanding of risk management principles, as well as the ability to work independently to ensure all tasks are completed accurately and on time.

This position reports to our Director, Data Protection. We're looking for someone to join us immediately.

What you'll do:

Execute the TPRM Process: Conduct comprehensive risk assessments on third parties including analysis of appropriate security controls, contract requirements, and compliance documentation. You'll be responsible for gathering necessary information directly from third parties.

Identify Critical Systems and Assets: Partner with technical and business teams to map sensitive data and critical systems. You'll also categorize third parties to guide reassessment and identify processor/sub-processor relationships.

Contribute to Program Development: Help shape and refine our TPRM policies and procedures. Look for ways to improve efficiency, including the use of automation and AI.

Support Contracting: Work with our legal and procurement teams to include security and data protection requirements in contracts.

Maintain Accurate Records: Accurately document all assessment activities, findings, and mitigation efforts in our TPRM platform (OneTrust).

Provide Operational Support: Guide business owners and third parties through the TPRM process, answering questions and providing a smooth experience.

Monitor and Report: Support ongoing monitoring of third parties and contribute to recurring reports on the program's health and effectiveness.

What we're looking for:

Experience: Bachelor's degree and at least 5 years of direct experience in third party risk management, information security, or GRC. Direct experience conducting complex, end-to-end risk assessments, preferably in a fast-paced or regulated environment.

Technical Knowledge: Deep understanding of information security and data protection frameworks (e.g., NIST CSF, ISO 27001, SOC 2) and regulations (e.g., GDPR, CCPA, EU AI Act). Strong knowledge of different data and system risk types and a proactive approach to risk mitigation.

Platform Proficiency: Hands-on experience with a TPRM platform like OneTrust, including customizing workflows and managing automations.

Skills: Exceptional communication and presentation skills, with the ability to interact effectively with stakeholders at all levels. Critical thinking with strong analytical and problem-solving abilities.

Independent Contributor: Proven ability to work independently, take ownership of tasks, and prioritize effectively in a dynamic environment.

Preferred: Familiarity with data analysis and visualization tools like Power BI to support data-driven decisions.