Overview
We are seeking a detail-oriented and analytical Third-Party Risk Analyst to support our risk management program. This role is responsible for reviewing client contracts for security and compliance requirements, assessing vendor and third-party risks, and maintaining and updating internal security policies to align with regulatory and contractual obligations.
The ideal candidate has experience in contract review, risk assessments, and policy governance in a cybersecurity or compliance-focused environment.
Key Responsibilities
Contract Review
- Review client and vendor contracts, data protection agreements, and master service agreements for information security, privacy, and compliance terms.
- Identify and communicate gaps between client requirements and internal policies or capabilities.
- Collaborate with Legal, Sales, Procurement, and IT Security teams to align contract terms with organizational standards.
Third-Party Risk Management
- Assess third-party vendors for cybersecurity and compliance risks.
- Track and manage third-party security assessments, questionnaires, and audits.
- Ensure vendor compliance with applicable regulations, such as GDPR, CCPA, HIPAA, SOC 2, ISO 27001, etc.
Security Policy Management
- Maintain and update information security policies and procedures to reflect changes in laws, regulations, and business needs.
- Coordinate policy reviews with stakeholders across IT, Legal, HR, and Compliance departments.
- Ensure policies meet the requirements outlined in client contracts and external audits.
Documentation & Reporting
- Document risk findings and decisions in risk registers or compliance platforms.
- Prepare reports and dashboards to communicate contract review outcomes and vendor risk status to leadership.
- Track remediation activities related to third-party risk or contractual gaps.
Qualifications
- Bachelor’s degree in Information Security, Risk Management, Business, Legal Studies, or a related field.
- 2–4 years of experience in third-party risk, compliance, legal contract review, or security governance.
- Familiarity with regulatory frameworks (e.g., GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2).
- Strong understanding of contract terms related to data privacy and cybersecurity.
- Excellent analytical, communication, and organizational skills.