Third Party Risk Assessment Analyst/Lead

Job Responsibilities:

• Lead IT Technology Risk Management activities with a focus on third‑party and vendor risk.
• Optimize and enhance Third‑Party Risk Management (TPRM) processes to align with organizational standards and regulatory expectations.
• Review vendor intake forms and use cases to validate criticality, tiering, and required assessment levels.
• Perform inherent risk assessments and categorization for all newly onboarded third‑party vendors.
• Conduct end‑to‑end security assessments for third‑party/service providers.
• Review SIG questionnaires and supporting evidence to evaluate vendor security posture and identify potential risks.
• Collaborate with vendor relationship managers to drive timely remediation of issues, including handling non-responsive vendors.
• Perform due diligence on vendor cybersecurity controls aligned with internal and external audit requirements.
• Engage in iterative discussions with Business Units, IT, and vendor teams to close open items and clarify assessment findings.
• Conduct security control reviews against cybersecurity best-practice frameworks (e.g., data classification, encryption, IAM, logging, financial viability).
• Contribute to senior management reporting, dashboards, and governance forums with clear risk transparency.
• Ensure monthly closure targets are met while managing caseload within agreed SLA thresholds.
• Continuously improve assessment quality, efficiency, and SLA adherence.
• Cybersecurity certifications (e.g., ISO 27001, CISA, CISM, CISSP, CRISC) are considered an advantage.

Must Have / Required:

• Strong experience in IT Technology Risk Management and Third‑Party/Vendor Risk Assessments.
• Hands‑on expertise reviewing SIG questionnaires, vendor evidence, and cybersecurity controls.
• Solid understanding of risk frameworks and InfoSec domains (encryption, IAM, key management, logging, data protection, etc.).
• Excellent communication skills for cross‑functional discussions with BU, IT, and vendor stakeholders.
• Experience handling audit, InfoSec due diligence, and risk documentation.
• Ability to manage high‑volume caseloads while maintaining SLA commitments.
• Strong analytical, documentation, and reporting skills.

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.