Company hidden
9 hours ago

Third-Party Risk Lead Analyst

110 000 - 130 000$
Work format
remote (USA only)
Employment type
fulltime
Grade
lead
English
b2
Country
US

Job description

TL;DR

Third-Party Risk Lead Analyst: Leading the end-to-end technology third-party risk lifecycle for IT vendors and service providers, with an emphasis on risk assessment, governance, and continuous monitoring. Focus on vendor due diligence, contract requirements negotiation, architecture compatibility reviews, and driving risk-based decisions through influence.

Location: Remote

Salary: $110,000–$130,000

Company

America’s largest supplier of building materials, value-added components, and building services to the professional market.

What you will do

  • Own and improve the IT Third-Party Risk Management program, including intake, risk tiering, assessments, decisioning, governance, and monitoring.
  • Partner with Business Owners, Procurement, Legal, IT, and Security to evaluate business use cases, conduct vendor due diligence, and define contract requirements.
  • Coordinate technical reviews for architecture compatibility, identity integration, data flows, and alignment to BFS standards.
  • Leverage security ratings like BitSight for vendor scoring, remediation tracking, and escalation.
  • Maintain risk inventory, dashboards, and reports; execute continuous monitoring and reassessments.
  • Facilitate cross-functional reviews, define policies, and integrate TPRM into workflows.

Requirements

  • 5+ years in third-party risk management, cybersecurity risk, or technology risk, leading vendor assessments and monitoring.
  • Bachelor’s degree in Information Security, Information Systems, Risk Management, Business, or equivalent experience.
  • Proficiency with productivity tools (Excel, Word, PowerPoint, SharePoint; Power BI preferred) and GRC/third-party risk tooling (e.g., BitSight, ServiceNow).
  • Strong communication, analytical skills, and ability to influence across functions and engage vendors.
  • Experience with risk tiering, due diligence, frameworks (NIST, ISO 27001, SOC 2), and incident response.
  • Understanding of third-party lifecycle and integration into procurement processes.

Nice to have

  • Relevant certifications: CISA, CRISC, CISSP, CISM.
  • Experience in audit, compliance, or optimizing TPRM workflows in platforms like ServiceNow or Archer.

Culture & Benefits

  • Competitive benefits: medical, dental, vision, disability insurance, 401(k), PTO, paid sick time, 8 paid holidays.
  • Annual bonus eligibility based on company performance.
  • Professional development through training, tools, and technologies.
  • Collaborative, people-first environment with opportunities for growth.
  • Occasional travel; office and outside work with lifting up to 25 pounds.

Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code/password, or run code/software, do not do it; these are scammers. Be sure to click "Report" or write to support.