Lead Third Party Information Security Analyst

• Perform in-depth third-party risk assessments, including evaluating security controls, reviewing documentation (e.g., SOC reports, SIG questionnaires, policy, and procedure documents), and identifying potential risks
• Collaborate with business stakeholders, procurement, legal, and third-party vendor contacts to gather necessary information and ensure timely completion of assessments
• Track and manage remediation efforts for identified findings, ensuring third-party vendors implement appropriate corrective actions within agreed timelines
• Collaborate and consult with peers, LOB, procurement, and mid-level managers up to executives to resolve issues and achieve goals
• Maintain and enhance third-party risk management processes, tools, and documentation
• Provide subject matter expertise on third-party security risks
• Understanding of regulatory requirements (e.g., GDPR, HIPAA, GLBA), and industry best practices
• Support internal and external audits related to third-party risk management
• Contribute to continuous improvement initiatives within the broader Information Security Risk Management program
• Lead projects and teams
• Serve as a mentor and guide to junior analysts

• 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• Bachelor’s degree in information security, Computer Science, Risk Management, or a related field (or equivalent experience)
• Knowledge and understanding of information security management, audit, compliance, and risk
• Experience with third-party risk assessment tools, products, and GRC platforms (e.g., Archer, ServiceNow, OneTrust, KY3P)
• Proficient knowledge of security frameworks and standards (e.g., NIST, ISO 27001, SIG, SOC 2)
• Excellent communication and interpersonal skills, with the ability to influence and collaborate across teams
• Knowledge of with cloud security and SaaS vendor risk
• Ability to manage multiple assessments and remediation efforts simultaneously
• Knowledge and understanding of financial services industry: compliance, risk management or audit operations
• Knowledge of Microsoft offices tools such as PowerPoint, Excel, Outlook, and Word
• Relevant certifications such as CISSP, CISA, CRISC, or CTPRP are a plus

Relevant certifications such as CISSP, CISA, CRISC, or CTPRP are a plus