Senior Cybersecurity Third-Party Risk Analyst

Boeing

Location:
United States, Seattle

Contract Type:
Not provided

Salary:
128700.00 - 181500.00 USD / Year

Job Description:

At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.

We are seeking a highly experienced Senior Cybersecurity Third-Party Risk Analyst to perform advanced, technical assessments of third-party cyber risk and to design automation and process improvements using configuration, integration, and agentic AI capabilities. This senior individual contributor will focus on developing hands-on assessment processes to evaluate vendor controls, validate technical evidence, and drive remediation recommendations - while also building robust automation and configuration assets (scripts, connectors, playbooks, and AI agents) to scale assessment throughput, improve data quality, and accelerate risk decisions. A strong emphasis on lean process enhancement will ensure the program delivers higher velocity, lower waste, and measurable improvements in assessment quality and cycle time.

Job Responsibility:

  • Design & Execute end-to-end cybersecurity third-party assessments for strategic and high-risk vendors, including questionnaire reviews, technical evidence validation, architecture reviews, cloud configuration analysis, IAM assessments, encryption and key management reviews, logging/monitoring validation, and vulnerability/penetration test interpretation
  • Produce repeatable processes that create clear, prioritized risk findings and remediation guidance tailored to vendor risk and business impact
  • Design, build, and maintain automated assessment capabilities: evidence collection scripts, API connectors, ETL pipelines, data validation routines, and integration points with TPRM/GRC platforms (Aravo, ServiceNow GRC, RSA Archer, OneTrust, etc.)
  • Develop and deploy agentic AI components (e.g., automated evidence triage, document ingestion and extraction, risk-scoring assistants, remediation suggestion agents) while ensuring safe, auditable, and privacy-preserving behavior
  • Lead lean process improvement initiatives across the assessment lifecycle: map value streams, eliminate waste, reduce handoffs, optimize SLAs, and implement continuous improvement cycles to increase throughput and quality
  • Create and maintain technical assessment artifacts: standardized templates, evidence matrices, technical checklists, assessment playbooks, and scoring rubrics that support repeatability and auditability
  • Validate and tune automated scoring models and AI outputs; perform periodic calibration and manual reviews to ensure accuracy and reduce false positives/negatives
  • Collaborate closely with Procurement, Legal, Security Operations/CIRT, Privacy, and other business stakeholders to ensure technical assessment findings map to contractual requirements and incident response expectations
  • Support remediation verification and re-assessment - use automation to track evidence submission, validate fixes, and update risk status
  • Maintain strong documentation & processes to support change management of automation logic, AI agent behaviors, data mappings, integration schemas
  • Stay current on emerging attack techniques, supply chain threats, automation best practices, responsible AI controls, and lean methods; propose and implement improvements

Requirements:

  • 5+ years of cybersecurity experience with at least 3 years focused on third-party/vendor security assessments or equivalent technical assessment roles
  • Deep hands-on expertise reviewing technical artifacts: cloud console evidence (AWS/Azure/GCP), architecture diagrams, IAM configurations, network security, encryption, logging/monitoring, vulnerability scans, and penetration test reports
  • Proven ability to translate technical findings into concise executive-level summaries and remediation plans; excellent written and verbal communication skills
  • Demonstrated experience applying lean principles or continuous improvement methods to operational processes - ability to run value stream mapping, define and measure waste, and implement sustainable improvements
  • Comfortable working independently as a senior individual contributor and coordinating across technical and non-technical stakeholders; experience in agile environments and using agile tooling (ADO, JIRA)
  • This position requires candidates to be a US Person (Green Card holder or US Citizen)
  • Candidates must live near a Boeing Facility or be willing to relocate at their own expense

Nice to have:

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or related technical field; advanced degree (MS or equivalent) preferred
  • Industry recognized security certifications (CISSP, CISM, CRISC) and/or cloud security certifications (AWS/Azure/GCP Security) preferred
  • Strong configuration skills for security/TPRM tooling (Aravo, ServiceNow GRC, RSA Archer, OneTrust, or similar) including forms, workflows, scoring, and data model configuration
  • Formal training or certification in Lean/Six Sigma, Kaizen, or similar continuous improvement methodologies
  • Practical experience designing, training, or integrating agentic AI components (LLM orchestration, retrieval-augmented generation, agent frameworks) into security processes - able to implement guardrails, audit logging, and privacy controls
  • Prior experience implementing AI governance for security use cases
  • Familiarity with software supply chain risk concepts (SBOMs)
  • Experience with SIEM/SOAR integrations, vulnerability management platforms, and continuous monitoring
  • Experience working in regulated industries (finance, aviation, healthcare, defense) or with global privacy/regulatory requirements (GDPR, CMMC, etc.)
  • Education/experience typically acquired through advanced education (e.g. Associate) and typically 2 or more years' related work experience or an equivalent combination of education and experience (e.g. Bachelor+1 years' related work experience, 5 years' related work experience, etc.)

What we offer:

  • competitive base pay and variable compensation opportunities
  • health insurance
  • flexible spending accounts
  • health savings accounts
  • retirement savings plans
  • life and disability insurance programs
  • several programs that provide for both paid and unpaid time away from work
  • generous company match to your 401(k)
  • industry-leading tuition assistance program pays your institution directly
  • fertility, adoption, and surrogacy benefits
  • up to $10,000 gift match when you support your favorite nonprofit organizations

Additional Information:

Job Posted:
March 22, 2026

Expiration:
April 04, 2026

Employment Type:
Fulltime

Work Type:
Remote work

Similar Jobs for Senior Cybersecurity Third-Party Risk Analyst

Third-Party Risk Analyst

As a Third-Party Risk Analyst, you will be responsible for evaluating, monitorin...
Location:
United States, Baltimore
Salary:
Not provided
Robert Half
Expiration Date:
Until further notice
Requirements:
  • Bachelor's Degree in Risk, Business, Business Technology, Cybersecurity, or a related field
  • 2+ years of experience in third-party risk management, vendor management, procurement, internal audit
  • Strong understanding of third-party risk management principles, methodologies, and best practices
  • Detail-oriented and organized, with the ability to manage multiple priorities and deadlines in a fast-paced environment
  • Proficiency in using risk management tools, software, and technologies to support third-party risk assessment and monitoring activities
  • Excellent analytical, problem-solving, and critical-thinking skills, with the ability to assess complex situations and make informed risk-based decisions
  • Effective communication and interpersonal skills, with the ability to collaborate with stakeholders at all levels of the organization
Job Responsibility:
  • Conduct comprehensive risk assessments of third-party vendors and service providers
  • Review and analyze third-party contracts, agreements, and security documentation
  • Develop and implement risk mitigation strategies and action plans
  • Monitor and track third-party risk indicators
  • Collaborate with internal audit, compliance, and information security teams
  • Collaborate with procurement, legal, and business units
  • Conduct periodic reviews and audits of third-party vendors
  • Provide regular reporting and updates to senior management, the board of directors, and other stakeholders
  • Stay informed about industry trends, emerging risks, and best practices in third-party risk management
What we offer:
  • Medical, vision, dental, and life and disability insurance
  • Eligibility to enroll in company 401(k) plan
  • Fulltime

Senior Third-Party Security Risk Analyst

As a Senior Third-Party Security Risk Specialist at Ledger, you will play a vita...
Location:
France, Paris
Salary:
Not provided
Ledger
Expiration Date:
Until further notice
Requirements:
  • Master's degree in Information Security, Cybersecurity, or a related field
  • 5+ years of progressive experience in third-party risk management, with a strong background in audit, risk management, compliance, or a related control function within a complex organization
  • Proven project management skills with the ability to manage complex, cross-functional projects and maintain comprehensive documentation
  • In-depth knowledge of security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework) and experience in applying them to third-party risk management and regulatory requirements
  • Excellent analytical and problem-solving skills with a focus on identifying root causes and developing effective solutions
  • Strong communication and interpersonal skills, including the ability to influence and negotiate with vendors and stakeholders at all levels
Job Responsibility:
  • Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls
  • Proactively identify and evaluate potential security/privacy risks associated with a particular focus on those that could impact Ledger's reputation, financial stability, and customer trust
  • Develop and implement risk mitigation strategies to address identified vulnerabilities
  • Lead the collaboration with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements
  • Establish and maintain a robust vendor security monitoring program, driving continuous improvement in vendor security posture and compliance
  • Develop, implement, and continuously improve Ledger's third-party security risk management program, including policies, standards, procedures, and tools
  • Prepare reports and presentations on vendor security risks and mitigation efforts to senior management, stakeholders, and the Comex
  • Participate in audits as part of the Privacy audit program according to the agreed annual audit plan
What we offer:
  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products
  • Fulltime

Senior Third-Party Security Risk Analyst

As a Senior Third-Party Security Risk Specialist at Ledger, you will contribute ...
Location:
France, Paris
Salary:
Not provided
Ledger
Expiration Date:
Until further notice
Requirements:
  • Master's degree in Information Security, Cybersecurity, or a related field
  • 5+ years of progressive experience in third-party risk management, with a strong background in audit, risk management, compliance, or a related control function within a complex organization
  • Proven project management skills with the ability to manage complex, cross-functional projects and maintain comprehensive documentation
  • In-depth knowledge of security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework) and experience in applying them to third-party risk management and regulatory requirements
  • Excellent analytical and problem-solving skills with a focus on identifying root causes and developing effective solutions
  • Strong communication and interpersonal skills, including the ability to influence and negotiate with vendors and stakeholders at all levels.
Job Responsibility:
  • Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls
  • Proactively identify and evaluate potential security/privacy risks associated with a particular focus on those that could impact Ledger's reputation, financial stability, and customer trust
  • Develop and implement risk mitigation strategies to address identified vulnerabilities
  • Lead the collaboration with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements
  • Establish and maintain a robust vendor security monitoring program, driving continuous improvement in vendor security posture and compliance
  • Develop, implement, and continuously improve Ledger's third-party security risk management program, including policies, standards, procedures, and tools
  • Prepare reports and presentations on vendor security risks and mitigation efforts to senior management, stakeholders, and the Comex
  • Participate in audits as part of the Privacy audit program according to the agreed annual audit plan.
What we offer:
  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products.
  • Fulltime

Compliance Analyst

insightsoftware is seeking a detail-oriented and proactive Compliance Analyst to...
Location:
United States, Remote
Salary:
Not provided
insightsoftware
Expiration Date:
Until further notice
Requirements:
  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, Risk Management, Legal Studies, Business Administration, or related field
  • Minimum 3+ years of experience in compliance program management, risk management, or information security roles, preferably in regulated industries or technology companies
  • Demonstrated experience responding to third-party risk assessments, security audits, customer security questionnaires, RFPs, and compliance due diligence requests
  • Working knowledge of regulatory frameworks and standards (e.g., ISO 27001, SOC 2 (Type II), NIST, FedRAMP, CMMC, PCI DSS, GDPR, CCPA), trade control regulations (EAR, ITAR), anti-bribery/corruption laws (FCPA, UK Bribery Act), and data privacy principles
  • A strong knowledge of at least one regulatory framework governing matters pertaining to data privacy, cybersecurity, trade compliance, or third-party risk management
  • Experience with third-party screening tools and vendor risk management platforms
  • Familiarity with GRC or data protection management platforms (e.g., OneTrust, ServiceNow, MetricStream)
Job Responsibility:
  • Support the development, implementation, and maintenance of a global compliance program, including trade compliance, anti-bribery/corruption, anti-trust, and business ethics
  • Conduct secondary screening of third parties (vendors, partners, customers), and assess potential matches against government watchlists of denied, debarred, sanctioned, or restricted parties to ensure compliance with applicable trade compliance, export control and sanctions regulations (e.g., U.S. Department of the Treasury Office of Foreign Assets Control ("OFAC"), U.S. Department of Commerce Bureau of Industry and Security ("BIS"), U.K. Office of Financial Sanctions Implementation ("OFSI"), European Union, and United Nations)
  • Assist with export classification determinations and licensing requirements for software products and services, including evaluation of Export Control Classification Numbers ("ECCNs")
  • Support the company's compliance with applicable data protection regulatory frameworks (e.g., GDPR, CCPA)
  • Support the Corporate Counsel, Data Privacy, AI, Cybersecurity with data protection initiatives and obligations including data mapping exercises, processing activity records, and privacy impact assessments, and coordinate responses to data subject access requests ("DSARs") and privacy-related inquiries
  • Support privacy management tools and platforms for consent management and privacy workflow automation
  • Partner with company counsel, InfoSec, and other stakeholders with compliance audits, data privacy questionnaires, and third-party risk assessment processes including vendor due diligence and ongoing monitoring
  • Support risk and control self-assessments ("RCSA"), audit management, and remediation tracking
  • Collaborate with stakeholders including the Chief Information Security Officer ("CISO") and the team to quantify, monitor, and report on security and compliance performance
  • Maintain GRC platforms (e.g., ServiceNow, Archer, MetricStream) to track compliance activities, risks, and controls

Senior Cybersecurity Risk & Compliance Analyst

The Senior Cybersecurity Risk & Compliance Analyst is responsible for executing ...
Location:
India, Bangalore
Salary:
Not provided
Kennametal
Expiration Date:
Until further notice
Requirements:
  • Bachelor’s degree in Information Security, Information Systems, Computer Science, or related field
  • 5–8 years of experience in cybersecurity risk management, GRC, or enterprise risk roles
  • Demonstrated hands-on experience conducting formal cybersecurity risk assessments
  • Working knowledge of major cybersecurity frameworks (NIST RMF, NIST CSF, ISO 27001)
  • Strong written and verbal communication skills with the ability to brief technical and non-technical audiences
Job Responsibility:
  • Lead structured cybersecurity risk assessments across business, IT, and OT environments
  • Perform qualitative and quantitative risk analysis using recognized methodologies (e.g., NIST 800-30, FAIR, OCTAVE)
  • Maintain cybersecurity risk register entries, including risk statements, impact analysis, likelihood assessments, and remediation tracking
  • Monitor and report the status and effectiveness of risk mitigation plans
  • Develop and present cybersecurity risk status metrics and summaries for leadership review
  • Serve as a subject-matter expert for cybersecurity risk identification and treatment guidance
  • Identify confidentiality, integrity, and availability (CIA) requirements for information assets
  • Support Kennametal’s information classification and data protection programs
  • Provide risk-based input into data protection controls, including Data Loss Prevention (DLP) strategies
  • Advise stakeholders on appropriate handling, labeling, and protection of sensitive data
  • Fulltime

Senior Security GRC Analyst

Lambda, The Superintelligence Cloud, is a leader in AI cloud infrastructure serv...
Location:
United States, San Francisco; San Jose
Salary:
154000.00 - 200000.00 USD / Year
Lambda
Expiration Date:
Until further notice
Requirements:
  • Minimum of 8 years of experience supporting cybersecurity risk or controls management programs
  • In-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirements
  • Experience managing and running audits, certification programs and control assessments
  • Experience collaborating closely with engineers, business teams, and security partners
  • Strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiatives
Job Responsibility:
  • Validate and verify the organization's security controls and practices meet the requirements of ISO 27001, 27701, PCI, SOC 2 and other relevant regulatory requirements to ensure alignment to business objectives
  • Manage IT Risk Register including risk identification, tracking, and prioritization
  • Assist with and drive remediation of control deficiencies and gaps
  • Provide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.)
  • Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting
  • Assist with the Customer Trust program which may include managing customer assessments, and security questionnaires
  • Assist control owners with root cause analysis and track risk management action plan progress
  • Create risk metrics for management regarding information security control maturity, compliance status, risks, performance and findings
  • Assist with the third-party risk management assessment process, ensuring consistent enforcement of information security requirements
What we offer:
  • Generous cash & equity compensation
  • Health, dental, and vision coverage for you and your dependents
  • Wellness and commuter stipends for select roles
  • 401k Plan with 2% company match (USA employees)
  • Flexible paid time off plan
  • Fulltime

Senior Business Analyst

FinXL IT is looking for a Senior Business Analyst to lead the strategic evolutio...
Location:
Australia, Sydney
Salary:
Not provided
FinXL
Expiration Date:
Until further notice
Requirements:
  • Senior Business Analyst with extensive email proxy/email security gateway experience
  • Demonstrated experience and/or understanding of mail flows and system connectors
  • Technical acumen across Exchange Online Protection and Defender for O365
  • Demonstrated experience in process modelling and requirements analysis
  • Previous delivery in complex, regulated industries with dispersed teams
  • Expertise in Project Methodology Frameworks and best practices
  • Exceptional communication and stakeholder influencing skills
Job Responsibility:
  • Facilitate workshops to capture complex functional and non-functional requirements for email security migrations and tenant-to-tenant consolidations
  • Document "as-is" and "to-be" mail flow architectures, identifying bottlenecks in relay services or third-party integrations
  • Evaluate and select enterprise email security gateways (e.g., Proofpoint, Mimecast, or Microsoft Defender)
  • Define acceptance criteria and oversee User Acceptance Testing for global messaging changes to ensure zero business disruption
  • Contribute to Change and Risk Impact Assessments and high-level designs
  • Conduct third-party risk assessments of applications and systems
  • Manage extensive vendor engagements to ensure seamless service transition
What we offer:
  • Opportunity to work on a high-priority cybersecurity migration project
  • Be the bridge for technical requirements between vendors and business

Vice President, ISO Lead Analyst, Technology

The Information Security Operations (ISO) Lead Analyst is a senior level profess...
Location:
Japan, Chiyoda, Tokyo
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • 6-10 years of relevant experience
  • Proficient in interpreting and applying policies, standards and procedures
  • Consistently demonstrates clear and concise written and verbal communication both in English and Japanese
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience
  • Professional certifications such as CISSP, CISM, CCSP, CISA, etc. preferred
  • Business-level English proficiency for communicating with global peers
  • Communicate proficiently in Japanese with regulatory and law enforcement authorities, local businesses, and vendors
Job Responsibility:
  • Support the implementation of the IS Training Plan, by verifying training participants completed the training and understand IS requirements
  • Coordinate with cross-functional Operations and Technology (O&T) counterparts and teams to improve O&T risk oversight
  • Provide recommendations on IS aspects of projects and assess/report Corrective Action Plans to improve IS programs and initiatives
  • Escalate significant risks to the Regional/Sector IS Leadership for information or required actions
  • Attend and participate in internal/external IS forums and risk committees when necessary
  • Improve processes, by removing deficiencies and enhancing current tools that reduce an overall risk profile
  • Ensure security practices/standards compliance and reduce security risks through enhancing controls and minimizing weaknesses in Citi’s applications portfolio
  • Ensure audits are passed with a satisfactory audit rating for all IS topics
  • Ensure non-compliant items are resolved through coordination with Business Manager and business staff
  • Support the Global Information Security (GIS) policies, standards, and initiatives development and implementation
  • Fulltime