Technology Risk Analyst – Third-Party Risk Management (TPRM)

Remote
United States
Posted 3 weeks ago

This is a remote Technology Risk Analyst role focused on independently assessing and managing technology risks associated with third-party vendors and service providers. As a key member of the Digital Technology Risk Assurance team, this role drives the organization’s overall risk posture by conducting comprehensive evaluations, identifying vulnerabilities, and ensuring continuous compliance within third-party relationships.

  • Location: Remote, United States.
  • Experience (Required): 2–4 years in technology risk, cybersecurity, audit, compliance, or third-party risk management.
  • Focus: Performing vendor risk assessments, due diligence, ongoing monitoring, and aligning all practices with major industry standards (NIST, ISO 27001).
  • Work Style: Proactive individual capable of tackling complex challenges with minimal guidance.

Essential Functions: Vendor Lifecycle and Compliance

The Analyst is responsible for the full lifecycle of technology risk assessment across third-party engagements.

  • Vendor Evaluation: Conduct in-depth evaluations of third-party vendors, encompassing their financial stability, operational performance, and adherence to regulatory compliance requirements.
  • Risk Identification and Mitigation: Proactively identify potential technology risks and vulnerabilities within third-party relationships, then develop and implement effective mitigation strategies and plans.
  • Continuous Monitoring: Implement and maintain continuous monitoring of third-party performance and compliance through regular audits, reviews, and performance assessments.
  • Cross-Functional Collaboration: Foster strong relationships with internal teams (procurement, legal, IT, and compliance) to ensure a unified approach to third-party risk management (TPRM).
  • Alignment: Ensure all TPRM practices are meticulously aligned with established industry standards (NIST, ISO 27001), regulatory requirements, and organizational goals.
  • Documentation: Maintain thorough, accurate, and up-to-date records pertaining to all TPRM processes and activities.

Required and Preferred Qualifications

The role requires foundational experience in risk frameworks and strong analytical skills.

  • Required Experience:
    • 2–4 years in relevant fields (technology risk, cybersecurity, audit, compliance, or TPRM).
    • Experience performing vendor risk assessments, due diligence, and ongoing monitoring.
    • Working knowledge of risk frameworks (e.g., NIST, ISO 27001).
  • Preferred Experience:
    • 3+ years of third-party risk management experience, including process or framework improvement.
    • Understanding of IT and cybersecurity concepts (cloud, network, application security).
    • Experience automating TPRM workflows or using GRC platforms (e.g., ServiceNow).
    • Experience managing the full vendor risk lifecycle (onboarding through offboarding).
  • Certifications (Preferred): Professional certifications such as CISA, CISM, CRISC, CISSP, CTPRA, or similar.

Job Features

Job Category: Information Technology, Security
