Third Party Cyber Risk Analyst


Strategic Staffing Solutions

The Risk Analyst is responsible for developing and implementing strategies for third-party risk management and assessment. This role involves guiding the organization in establishing frameworks and processes for evaluating and mitigating risks associated with external partners and vendors. The Risk Analyst will focus on the strategic aspects of third-party risk, including policy development, program management, and strategy execution. The role includes collaborating with internal stakeholders to ensure alignment of third-party risk strategies with overall business objectives and compliance requirements.

Key job responsibilities

  • Develops and implements third-party risk management strategies and frameworks in line with organizational objectives and compliance requirements.
  • Leads third-party risk assessments, identifying potential risks and vulnerabilities in partnerships and vendor relationships.
  • Designs and manages processes for continuous monitoring and evaluation of third-party risks, ensuring effective mitigation strategies are in place.
  • Collaborates with internal teams to align third-party risk management practices with overall cybersecurity initiatives and business strategies.
  • Provides expert advice and guidance to leadership on emerging trends, best practices, and regulatory requirements related to third-party risk management.
  • Coordinates and oversees third-party audits, ensuring compliance with organizational standards and regulatory requirements.
  • Develops training and awareness programs focused on third-party risk management to enhance organizational understanding and capability in managing external risks.

Required qualifications / certifications

  • Minimum 3-5 years of experience in Information Technology, with a focus on third-party risk management or related fields.
  • Strong understanding of third-party risk management principles and practices, including risk assessment, monitoring, and mitigation strategies.
  • Knowledge of relevant industry policies, standards, and controls (e.g., NIST, ISO 27001, COBIT) with a specific focus on third-party risk management aspects.
  • Familiarity with key concepts related to IT security and data management, especially as they pertain to third-party and vendor relationships.
  • Relevant certifications are desirable, such as Certified Third-Party Risk Professional (CTPRP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).

Job ID: JOB-232897
Publish Date: 11 Dec 2023
