Description
The Third‑Party Risk Management Analyst is responsible for supporting our customer’s Third‑Party Cyber Risk Management (TPCRM) program by performing cybersecurity risk assessments, driving project execution, and improving risk management processes through automation and tooling. This role balances hands‑on cybersecurity engineering work with structured project management to ensure third‑party risks are identified, tracked, mitigated, and communicated effectively across the organization.
Essential Functions:
· Lead Third‑Party Cyber Risk Management initiatives across the full project lifecycle, including planning, execution, stakeholder coordination, reporting, and ongoing monitoring
· Perform comprehensive cybersecurity risk assessments of third‑party partners, identify security gaps, and deliver clear, actionable assessment reports with minimal supervision
· Execute standardized inherent risk assessments and validate the accuracy of risk ratings, control evaluations, and remediation plans
· Track, document, and follow up on third‑party risk remediation activities to ensure timely closure and alignment with Customer risk tolerance
· Leverage Governance, Risk, and Compliance (GRC) platforms and AI‑driven automation to streamline assessment workflows, reporting, and evidence collection
· Partner with cybersecurity, procurement, legal, internal audit, and business stakeholders to support consistent and scalable third‑party risk practices
· Support continuous improvement of TPCRM processes by identifying inefficiencies and recommending process or tooling enhancements
· Provide cybersecurity risk education to internal teams and third‑party partners, promoting secure behaviors and awareness of emerging threats
· Prepare metrics, dashboards, and summaries to support leadership visibility into third‑party cyber risk posture
· Utilize AI platforms and industry data to optimize assessment workflows and enable greater focus on mitigating identified risks
Competencies:
· Cybersecurity Fundamentals: Demonstrates a solid understanding of security controls, threats, and risk concepts
· Risk Assessment & Analysis: Identifies, assesses, and documents third‑party cyber risks and control gaps
· Project Management: Effectively plans, tracks, and executes work across multiple concurrent initiatives
· Process Improvement: Identifies opportunities to streamline workflows and improve operational efficiency
· Stakeholder Collaboration: Works effectively with cross‑functional teams and external partners
· Communication: Clearly communicates technical risk information to both technical and non‑technical audiences
· Attention to Detail: Produces accurate, well‑documented assessments and maintains reliable risk records
· AI-Driven Risk Mitigation: Leverages AI platforms and industry partnerships to accelerate risk identification and maximize time spent executing risk reduction
Requirements
· Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent practical experience
· 1–3 years of experience in cybersecurity, third‑party risk management, IT risk, compliance, or a related discipline
· Foundational understanding of cybersecurity principles, risk assessment methodologies, and common security control frameworks
· Experience supporting projects or initiatives that require coordination across multiple stakeholders
· Strong written and verbal communication skills, with the ability to clearly document risks and recommendations