CrawlJobs Logo
OnePay Logo OnePay · Finance

Third Party Risk Analyst

United States 125000.00 - 190000.00 USD / Year · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

As a TPRM (Third Party Risk) Analyst at OnePay, you will play a critical role in safeguarding our ecosystem from third-party security risks. You’ll assess the posture of high-risk vendors, review security attestations and contracts, and ensure compliance with our audit and regulatory standards. Your work will directly impact our ability to prevent breaches and maintain customer trust!

Job Responsibility

  • Conduct vendor risk reviews and evaluate third-party attestations such as SOC 2, ISO 2700x, and other security certifications
  • Analyze vendor contracts and identify potential risk clauses or data security implications
  • Support annual high-risk vendor audits and maintain documentation to meet compliance requirements
  • Collaborate cross-functionally with Legal, Procurement, Engineering, and Compliance teams to assess risk exposure and mitigation plans
  • Provide technical insight into vendor integrations, authentication, and infrastructure security controls

Requirements

  • 5–8+ years of experience in information security, vendor risk management, or related technical risk roles
  • Strong understanding of security frameworks and certifications (SOC 2, ISO 2700x, NIST, etc.)
  • Familiarity with authentication, disaster recovery, and infrastructure security concepts
  • Ability to interpret and challenge vendor-provided attestations and control summaries
  • Comfort reviewing contracts and identifying clauses impacting data handling or access control
  • Excellent communication and analytical skills, with the ability to ask critical questions and present findings clearly
  • Drive and proactivity – everyone here is a builder and executor

What we offer

Offers Equity

OnePay - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Third Party Risk Analyst

8 matching positions

Third Party Risk Analyst

Our team members are at the heart of everything we do. At Cencora, we are united...
Location
Location
Colombia , Bogota
Salary
Salary:
Not provided
cencora.com Logo
Cencora
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s Degree – required
  • 3-5 years of work experience in similar position
  • Strong understanding of risk management principles and practices, particularly as they relate to third party relationships
  • Familiarity with contract negotiation, invoice processing or legal terms review preferred
  • Proficiency in data analysis and the ability to assess and interpret contracts, compliance documentation, and financial statements
  • Excellent written and verbal communication skills required for reporting findings, communicating with vendors and collaborating with internal stakeholders
  • The ability to identify and mitigate risks, as well as to develop effective risk mitigation strategies
  • Self-motivated, ability to work independently, strong organizational skills
  • Ability to multitask and work in a fast paced environment
  • Consistently delivers results and meets deadlines
Job Responsibility
Job Responsibility
  • Identify, measure, and report operational and Third-Party Risk Management risks
  • Support management of third-party risk onboarding and due diligence by ensuring appropriate risk assessments are completed
  • Assist Business Owners with due diligence documentation and evaluation of third-party relationships
  • Execute issue management end-to-end activities (issue identification, prioritization, assignment, remediation, closure) for matters pertaining to third parties
  • Ensure adequate, appropriate, and current third-party risk documentation is maintained in the Third Party Risk Management Software System
  • Leverage the Third-Party Risk Management Software System as the system of record and as a reporting tool to analyze vendors for risk analysis
  • Consult with business leaders to effectively manage change when required
  • Provide risk oversight for process improvement projects, as needed
  • Liaise with senior management and Third-Party Risk Management stakeholders
  • Oversee and / or develop ongoing monitoring activities in alignment with TPRM policy
  • Fulltime
Read More
Arrow Right

Third Party Risk Analyst

Working at Citi is far more than just a job. A career with us means joining a te...
Location
Location
United Kingdom , Belfast
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Knowledge in risk management, particularly Resilience and Third-Party Risk Management
  • Understanding of Third-Party Management policy and procedures
  • Familiarity with risk governance structures and risk appetite parameters
  • Ability to create, apply, and analyse reports
  • Background in the implementation of third-party and resilience risk processes across various sectors and regions
  • Experience in conducting comprehensive third-party and resilience risk management reviews
  • Knowledge of relevant regulations and standards related to risk management, and ability to ensure compliance
  • Adapt to work across a diverse organisation, managing various sectors and regions
  • Utilise strong analytical skills to interpret complex data and present it in a clear and understandable manner
  • Identify and address potential risks, ensuring adherence to regulatory standards
Job Responsibility
Job Responsibility
  • Represent business leadership in Third-Party Risk Management activities coordination and facilitation
  • Evaluate market conditions and provide insight into trends that could impact the business
  • Verify third-party compliance to required policies and controls and advise on third-party risk assessments and reassessments
  • Partner with operations and tech teams for on-site visits of third parties when necessary
  • Maintain and update Exit Strategy Plans as required
  • Address escalations of non-performance and contractual issues with third parties when necessary
  • Monitor third-party performance and service level agreements
  • Ensure proper execution and upload of third-party contracts in Contract Management System
  • Review, prioritise, assess, and act on third-party risk management assessments results
  • Facilitate remediation of issues or gaps identified during ongoing monitoring
  • Fulltime
Read More
Arrow Right

Third Party Risk Analyst Lead

Individuals in Operational Risk establish and manage operational risk policies, ...
Location
Location
United Kingdom , Belfast
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Understanding of Third Party Risk management lifecycle and risk assessment processes
  • Thought leadership and clarity in presenting ideas to senior management
  • Proven technical knowledge of resilience and Third-Party Risk principles and processes, to include up to date knowledge of current technology solutions, including Cloud
  • Experience in implementing risk processes across a large and diverse organization
  • Knowledge of regulatory requirements underpinning resilience and the Third-Party Risk Management and Outsourcing Lifecycle
  • Excellent analytical skills to interpret and present complex data
  • Proficiency in the use of MIS and other risk management tools
  • Excellent project management skills to oversee risk reviews and mitigation efforts
  • Strong communication skills to provide counsel and collaborate with various stakeholders
  • Ability to challenge and scrutinize established practices
Job Responsibility
Job Responsibility
  • Represent business leadership to coordinate and facilitate Third-Party Risk Management activities
  • Evaluate current market conditions and provide insight on trends/issues that could impact the business by external third parties
  • Advise the BAO on risk assessment for third parties and reassess as required
  • identify significant relationship changes to trigger risk assessment updates
  • Verify compliance of third parties with required policies and controls
  • Partner with business operations, technology teams, and internal functions to conduct on-site visits of third parties, as required
  • Maintain and update Citi’s Exit Strategy Plans as required
  • collaborate with business contacts to establish risk mitigation activities when the exit strategy poses significant risk to Citi
  • Interact with third parties on escalations of non-performance and contractual issues to drive resolution when appropriate
  • Monitor third party performance and Service Level Agreements (SLAs) through Citi Performance Management Assessment (PMA) process
  • Fulltime
Read More
Arrow Right

Third Party Vendor Management Senior Analyst

Individuals in Operational Risk establish and manage operational risk policies, ...
Location
Location
Costa Rica , Heredia
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of experience
  • Knowledge in risk management, particularly Resilience and Third-Party Risk Management
  • Understanding of Third-Party Management policy and procedures
  • Familiarity with risk governance structures and risk appetite parameters
  • Ability to create, apply, and analyze MIS of reports
  • Background in the implementation of third-party and resilience risk processes across various sectors and regions
  • Experience in conducting comprehensive third-party and resilience risk management reviews
  • Knowledge of relevant regulations and standards related to risk management, and ability to ensure compliance
  • Adapt to work across a diverse organization, managing various sectors and regions
  • Utilize strong analytical skills to interpret complex data and present it in a clear and understandable manner
Job Responsibility
Job Responsibility
  • Represent business leadership in Third-Party Risk Management activities coordination and facilitation
  • Evaluate market conditions and provide insight into trends that could impact the business
  • Advise on third-party risk assessments and reassessments
  • Verify third-party compliance to required policies and controls
  • Partner with operations and tech teams for on-site visits of third parties when necessary
  • Maintain and update Exit Strategy Plans as required
  • Address escalations of non-performance and contractual issues with third parties when necessary
  • Monitor third-party performance and service level agreements
  • Ensure proper execution and upload of third-party contracts in Contract Management System
  • Review, prioritize, assess, and act on third-party risk management assessments results
  • Fulltime
Read More
Arrow Right

Third Party Vendor Management Lead Analyst

Individuals in Operational Risk establish and manage operational risk policies, ...
Location
Location
Costa Rica , Heredia
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6-10 years of experience
  • Understanding of Third Party Risk management lifecycle and risk assessment processes
  • Thought leadership and clarity in presenting ideas to senior management
  • Proven technical knowledge of resilience and Third-Party Risk principles and processes, to include up to date knowledge of current technology solutions, including Cloud
  • Experience in implementing risk processes across a large and diverse organization
  • Knowledge of regulatory requirements underpinning resilience and the Third-Party Risk Management and Outsourcing Lifecycle (OCC/FRB/EBA/PRA/MAS, etc.)
  • Excellent analytical skills to interpret and present complex data
  • Proficiency in the use of MIS and other risk management tools
  • Excellent project management skills to oversee risk reviews and mitigation efforts
  • Strong communication skills to provide counsel and collaborate with various stakeholders
Job Responsibility
Job Responsibility
  • Represent business leadership to coordinate and facilitate Third-Party Risk Management activities
  • Evaluate current market conditions and provide insight on trends/issues that could impact the business by external third parties
  • Advise the BAO on risk assessment for third parties and reassess as required
  • identify significant relationship changes to trigger risk assessment updates
  • Verify compliance of third parties with required policies and controls
  • Partner with business operations, technology teams, and internal functions to conduct on-site visits of third parties, as required
  • Maintain and update Citi’s Exit Strategy Plans as required
  • collaborate with business contacts to establish risk mitigation activities when the exit strategy poses significant risk to Citi
  • Interact with third parties on escalations of non-performance and contractual issues to drive resolution when appropriate
  • Monitor third party performance and Service Level Agreements (SLAs) through Citi Performance Management Assessment (PMA) process
  • Fulltime
Read More
Arrow Right

Resilience Risk 2nd LOD Lead Analyst, Vice President

Individuals in Operational Risk establish and manage operational risk policies, ...
Location
Location
Hungary , Budapest
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6-10 years of experience
  • Understanding of Third Party Risk management lifecycle and risk assessment processes
  • Thought leadership and clarity in presenting ideas to senior management
  • Proven technical knowledge of resilience and Third-Party Risk principles and processes, to include up to date knowledge of current technology solutions, including Cloud
  • Experience in implementing risk processes across a large and diverse organization
  • Knowledge of regulatory requirements underpinning resilience and the Third-Party Risk Management and Outsourcing Lifecycle (OCC/FRB/EBA/PRA/MAS, etc.)
  • Excellent analytical skills to interpret and present complex data
  • Proficiency in the use of MIS and other risk management tools
  • Excellent project management skills to oversee risk reviews and mitigation efforts
  • Strong communication skills to provide counsel and collaborate with various stakeholders
Job Responsibility
Job Responsibility
  • Provide strategic support in the formulation and implementation of operational risk management policies and procedures, prioritizing resilience and third-party risk management
  • Drive the identification, measurement, monitoring, and management of residual and emerging risks, ensuring consistent practices across the organization
  • Champion continuous improvement initiatives, incorporating lessons learned from resilience tests, simulations, and third-party risk analysis
  • Act as a liaison with internal and external stakeholders, fostering effective collaboration in risk management
  • Oversee and challenge key risk indicators and material operational risks, ensuring resilience and third-party risks stay within defined Risk Appetite parameters
  • Lead oversight reviews, addressing root causes of unintended losses and ensuring policy and regulatory compliance in resilience and third-party risk management
  • Assess the effectiveness of business and technology capabilities and controls across the organization, promoting the implementation of sound risk management processes
  • Develop, implement, and analyze reports to identify excessive risk areas, ensuring the effectiveness of risk mitigation efforts involving third parties
  • Facilitate the dissemination of operational risk management best practices, raising awareness of resilience and third risk-party among all staff
  • Assist risk management team leaders in staff development, fostering a high level of competence and morale in operational risk management
What we offer
What we offer
  • Global Benefits
  • support your well-being, growth and work-life balance
  • Fulltime
Read More
Arrow Right

Senior Governance, Risk and Compliance Analyst - Governance

Come join the company that is reinventing cloud security and empowering business...
Location
Location
Netherlands
Salary
Salary:
Not provided
wiz.io Logo
Wiz
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in one or more of the Governance, Risk, and Compliance domains
  • Passion for security and keeping Wiz safe
  • Ability to collaborate with technical and non-technical teams alike to further oversight responsibilities of Security
  • Deep knowledge of one or more industry frameworks such as ISO 27001, ISO 27017, SOC 2, PCI DSS, NIST CSF, etc. and baseline knowledge of others
  • Ability to assist with security compliance assessments to ensure compliance with internal and external requirements (ISO, NIST, CIS, etc.)
  • Experience working in a fast-paced tech environment both independently, and collaboratively within a team environment
  • Ability to build strong relationships across teams and functions in a global workplace
  • Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship
Job Responsibility
Job Responsibility
  • Design and update policies, procedures, and controls to drive confidentiality, integrity, and availability across the Wiz environment
  • Continuously improve processes, tools, and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to address governance and compliance needs and to support the Wiz Control Framework, partnering with Engineering, Product, Sales, Legal, HR, and other teams
  • Proactively improvement control design and performance to address a changing risk landscape
  • Deliver timely audits through working with internal and external auditors
  • Help customer-facing teams respond to information security requirements and questionnaires
  • Assist with third party risk management reviews, assessing vendor’s security, compliance, and privacy posture
  • Participate in team project management, including documentation, project planning, task management, and prioritization
  • Participate in recurring annual core audits (e.g., SOC 2, ISO, PCI)
  • Maintain awareness of security and regulatory trends, perform research and analysis on new certifications, and help Wiz pursue new international compliance initiatives
Read More
Arrow Right

Security Governance Risk & Compliance (GRC) Analyst

Here at Virtru you’ll help build a cutting edge security compliance program alig...
Location
Location
United States , Washington, DC
Salary
Salary:
130000.00 - 180000.00 USD / Year
virtru.com Logo
Virtru
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
  • Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
  • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk)
  • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
  • Have experience training and coaching teams to become better security and privacy practitioners
  • Like working on an autonomous agile team
  • Ability to resolve conflicts and drive issues to completion
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements
  • Real-world IR experience participating on security On-Call teams
Job Responsibility
Job Responsibility
  • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc)
  • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services
  • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies
  • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders
  • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI)
  • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
  • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed
  • Enhance the team with your individualism, spirit, and love of learning
What we offer
What we offer
  • A Flexible PTO policy
  • A $1,500 annual Learning & Development Stipend
  • Frequent company-sponsored team celebrations
  • Access to an Employee Assistance Program
  • Access to Headspace, a mental health app
  • A flat 3% contribution to your retirement account
  • A high degree of flexibility
  • Competitive compensation
  • Generous parental, medical, and bereavement policies
  • 401K contribution and stock options
  • Fulltime
Read More
Arrow Right