3rd Party Cyber Risk Analyst

Key Responsibilities:

• Support the execution, documentation, and tracking of third-party risk assessments; this includes collecting and reviewing formal and informal security documentation from vendors.
• Responsible for on/off-boarding vendors into the process, tool, and document repository.
• Applying a shift-left mentatlity in every vendor lifecycle stage to foster a security and continuous improvement mindset.
• Monitor the status and maintenance of 3rd-party security reports with controls, risk registers, and remediation activities.
• Prepare and update basic reports and summaries for management on vendor risk status and compliance activities.
• Execute and influence positive process changes and test new capabilities in the cyber risk tool.
• Participate in the collection of evidence and documentation for audits and regulatory reviews.
• Stay informed about changes in cybersecurity regulations (ie. NYDFS 500) and best practices; escalate relevant updates to senior team members.
• Escalate issues or risks to senior analysts or management as needed.
• Participate in security awareness activities, such as training sessions and phishing simulations.

Qualifications:

• 1-2 years' experience, internship, or coursework in IT security, risk management, compliance, and audit.
• Understanding of third-party/vendor risk management processes and core risk management terminology.
• Exposure to audit processes or evidence collection for compliance reviews.
• Analytical mindset with attention to detail and a willingness to learn new concepts.
• Project, organizational, and content management skills; ability to manage multiple tasks and deadlines.
• Effective written and verbal communication skills; able to collaborate with technical and non-technical stakeholders.
• Ability to prepare and present clear, concise reports and summaries.
• Awareness of key security and compliance frameworks (e.g., SOC 2, NIST, ISO 27001, PCI, HIPAA, HITRUST, SOX).
• Basic knowledge of state and federal cybersecurity regulations and standards.
• Willingness to pursue industry certifications.

Preferred:

• Experience with Microsoft Office Suite; familiarity with tools such as SharePoint, Power BI, ServiceNow, UpGuard, or Archer are a plus.
• General understanding of IT concepts, including cloud services (IaaS, SaaS, PaaS), network security, and endpoint security.
• A bachelor's degree in computer science, information technology, or a related field.
• Achieved relevant security certifications are a plus, such as:
• Certified Information Security Auditor (CISA)
• Certified in Risk Information Systems Controls (CRISC)
• GIAC Security Essentials or Professional Certification (GSEC/GISP)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Cloud Security Professional (CCSP)
• Certified Insurance Data Security Professional (CIDSP)
• CompTIA Security+
• #LI-VG1

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.