Cybersecurity Analyst, Third Party Risk

Marathon Petroleum Corporation
8 months ago
San Antonio, Texas, United States
On-site
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

We are seeking a detail-oriented and analytical Cybersecurity Analyst - Third Party Risk to join our cybersecurity team. In this role, you will be responsible for assessing, monitoring, and managing cybersecurity risks associated with third-party vendors, partners, and service providers. You will play a critical role in protecting our organization's data and systems by ensuring our external relationships meet our security standards and compliance requirements.

Key Responsibilities

  • Perform third-party cybersecurity risk assessments and due diligence for vendors by evaluating security controls through questionnaires, documentation reviews, and ratings tools; collaborate with procurement, legal, and business units to embed cybersecurity requirements into contracts and vendor selection processes.
  • Drive risk remediation and continuous improvement by tracking mitigation efforts, staying informed on emerging threats and regulatory changes, and applying insights to strengthen third-party risk management practices.
  • Conduct controls analysis of business processes and systems and report the impact of changes and additions to security systems.
  • Assist with the resolution of routine multi-functional technical issues. Prepare, perform, and present cybersecurity assessments and associated risks.
  • Evaluate the efficiency and effectiveness of security processes and controls to ensure confidentiality, integrity, and availability of data/information, under the guidance of senior colleagues.
  • Recommend and/or execute remediation and develop cost information for mitigation measures. Monitor networks, systems, and applications for signs of potential cybersecurity incidents. Investigate and analyze the nature and scope of cyber incidents.
  • Analyze security protocols, conduct compliance reviews, administer and maintain security audits and reports of server access and activity; participate in disaster recovery planning per corporate guidelines.
  • Deliver and implement global security initiatives, policies, and compliance requirements. Work with IT and security engineers to produce metrics related to cybersecurity.
  • Collaborate to improve metric results through effective action. Execute cybersecurity-related consulting, guidance, and support to customers and stakeholders.
  • Effectively communicate emerging IT/OT and cybersecurity technology trends and their impact on the security landscape.

Required Qualifications

  • Bachelor's Degree in Information Technology or a related field, or equivalent experience.
  • 2+ years of relevant experience in cybersecurity, risk management, or vendor risk assessment.

Preferred Qualifications

  • Professional certification, e.g. CISA, CRISC, CISSP, or CTPRP.
  • Experience with third-party risk management platforms and tools (e.g., CyberGRX, BitSight).
  • Familiarity with cybersecurity risk frameworks (NIST CSF, NIST 800-53, and COBIT).
  • Experience reviewing and interpreting SOC 2 Type II reports, with the ability to assess control effectiveness and evaluate vendor risk posture.

Benefits & Perks

  • Health, Vision & Dental Insurance: Comprehensive coverage to support your well-being.
  • Paid Time Off: Generous vacation and leave policies.
  • 401k Matching Program: Plan for your future with competitive company matching.
  • Paid Parental Leave & Educational Reimbursement: Support for family and career growth.
  • Annual Bonus Program: Discretionary company-sponsored bonus reflecting outstanding performance.

Required Skills

Security Controls
Penetration Testing
Intrusion Detection
Threat Analysis
Security Governance
General Programming
Authentic Communicator
Security Policy Management
Threat Hunting
Security Information & Event Management
Vulnerability Management
Cybersecurity Risk Management