Haystack
← Back to Jobs
Other

Sr Third-Party Risk Analyst

ElevaIT SolutionsCA🇺🇸United StatesPosted 8 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

Senior Third-Party Risk Analyst

Top 3 Skills

  • Third-Party Risk Management (TPRM) - hands-on vendor assessment lifecycle from intake through remediation
  • Security framework fluency - SOC 2, ISO 27001, NIST CSF, FedRAMP, PCI DSS
  • Risk communication - ability to translate complex findings for both technical teams and executive stakeholders

What You'll Do

  • Lead end-to-end risk assessments for new and existing vendors, covering cybersecurity posture and regulatory compliance
  • Review vendor-submitted security questionnaires, SOC 2 reports, ISO certifications, and audit documentation
  • Coordinate directly with vendors to validate security controls and drive remediation timelines
  • Classify vendors into risk tiers and maintain a live vendor risk database
  • Partner with Procurement, Legal, Privacy, and InfoSec on contract reviews and supplier security standards
  • Monitor ongoing supplier risk profiles and flag changes that require escalation
  • Identify automation opportunities within the assessment workflow to reduce manual overhead
  • Contribute to broader InfoSec risk initiatives beyond the vendor program

What We Need From You

  • 6+ years in third-party risk assessment, vendor governance, or information security risk management
  • Working knowledge of ISO 27001/2, SOC 2, NIST CSF, FedRAMP, and PCI DSS
  • Experience managing multiple concurrent vendor assessments without dropping the ball
  • Strong written and verbal communication - you can brief a CISO and a procurement manager in the same day
  • Bachelor's degree in Cybersecurity, Information Security, Risk Management, Computer Science, or a related field

Bonus If You Have

  • Active certifications: CISA, CISM, CISSP, or CRISC
  • Exposure to ISO 27017/27018 cloud security extensions
  • Experience with Coupa, OneTrust, JIRA, or Coverbase

A Few Things to Know

  • You'll be expected to build cross-functional relationships across multiple internal teams
  • This role sits within a dedicated TPRM function - you won't be context-switching into unrelated IT work

Skills

PCI DSS
SOC 2
Compliance
Jira
Procurement
Regulatory Compliance
Risk Assessment
Risk Management

Similar jobs