TPRM Analyst, Info Sec

We are seeking a detail-oriented, analytical, and highly motivated Senior/Staff Analyst to support and scale our Information Security Third-Party Risk Management (TPRM) program. This role will play a key part in assessing, monitoring, and mitigating risks associated with third-party vendors. You will use our new modern, AI-powered TPRM platform to assess risk, analyze vendor responses and artifacts, and drive practical informed recommendations. You will partner closely with cross-functional teams, including Legal, Procurement, Information Security, and business stakeholders to enable risk-informed decisions and strengthen our overall third-party risk posture.

• Strengthen Resilience: Directly contribute to the security and resilience of the organization by developing and supporting a robust third-party risk management framework
• Drive Compliance: Ensure third-party relationships adhere to company policies, regulatory requirements, and industry best practices
• Enable the Business: Partner with business units to support risk-aware decision-making, enabling effective supplier engagement while safeguarding the organization

• Perform thorough due diligence reviews with the assistance of our AI-powered platform, including risk questionnaires, documentation analysis, and standard supplier due diligence assessments
• Ensure all third-party due diligence artifacts and supporting documentation are properly captured and maintained in the TPRM platform
• Evaluate third-party controls and documentation (e.g., SOC reports, policies, certifications etc.)
• Coordinate closely with other Information Security (e.g., security architecture / engineering, and subsidiary GRC) teams throughout the business  to further assess third-party solutions as needed
• Advise business and stakeholders on third-party risk

• Continuously monitor third-party cyber posture, including ransomware susceptibility, breach likelihood, and other open-source intelligence signals using our modern cyber rating platform
• Triage alerts and escalate early warnings as appropriate
• Develop and manage corrective action plans and control documentation for identified risks and/or issues
• Track and evaluate vendor remediation efforts to ensure timely and effective resolution, working with business owners to address underperformance or emerging concerns
• Conduct periodic and event-driven reassessments of third parties based on risk and criticality
• Ensure secure third-party offboarding, including data handling, access revocation, and closure of contractual and security obligations.

• Collaborate with business units, Legal, Information Security, and other risk subject matter experts to address and mitigate identified risks
• Support internal, customer, and third-party audits related to supplier risk and compliance
• Contribute to the development and enhancement of TPRM policies, standards, and procedures
• Create and implement scalable solutions for supplier tracking, monitoring, and compliance
• Stay current on industry trends, emerging risks, and regulatory changes impacting third-party relationships

• Deep experience in Information Security Third-Party Risk Management, Risk Management, GRC Compliance, or a related field
• Strong analytical skills with the ability to identify, assess, and resolve complex issues
• Familiarity with risk management frameworks (e.g., NIST, ISO etc.) and vendor risk best practices
• Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams
• High level of professionalism, integrity, and commitment to accuracy and thoroughness
• A risk-focused, outcomes-focused mindset - you know how to balance thoroughness with speed, and you're comfortable prioritizing efforts to address most critical risks and moving quickly in a fast-paced business without compromising control integrity
• Comfortable working with technology platforms and AI-assisted tooling (you don't need to be technical, but you should be curious and adaptable)

• Consistent, high-quality execution of vendor risk assessments and due diligence
• Clear, actionable reporting that enhances leadership visibility into third-party risk
• Strong cross-functional partnerships enabling risk-informed business decisions
• Continuous improvement of TPRM processes, tools, and controls