
Third Party Risk Management Analyst
Posted 3 hours ago

Posted 3 hours ago
This is a fully remote position, open to applicants in United States.
• Oversee and enhance CrowdStrike's Third Party Risk Management program, which includes policies, standards, procedures, and assessment methodologies.
• Execute security risk evaluations of third-party vendors, assessing controls across multiple domains such as data security, access management, incident response, business continuity, and compliance.
• Classify and prioritize vendors based on risk factors like data sensitivity, operational reliance, and regulatory requirements.
• Manage vendor risk findings, remediation strategies, and exceptions, collaborating with vendors and internal stakeholders to resolve issues promptly.
• Keep track of the third-party risk landscape, including emerging threats, regulatory changes, and vendor security incidents, while communicating relevant updates to stakeholders.
• Create and maintain TPRM dashboards and reporting tools to offer visibility into vendor risk posture and program health.
• Design and deliver training and communication to internal stakeholders regarding TPRM processes, requirements, and responsibilities.
• Identify ways to automate and enhance TPRM workflows, utilizing GRC tools and integrations to boost efficiency and scalability.
• Proactively detect gaps in the TPRM program and lead initiatives to address and remediate them.
• Carry out additional responsibilities within the scope of Third Party Risk Management and broader Cyber GRC.
• Bachelor's degree in Computer Science, Information Security, Business, or a related field; or up to 5 years of relevant experience.
• Technical expertise in third party risk management, vendor risk, supply chain security, or related fields.
• Familiarity with GRC or TPRM platforms such as ServiceNow, OneTrust, ProcessUnity, or comparable tools.
• Strong comprehension of security risk assessment methodologies and control frameworks relevant to third-party environments.
• Knowledge of regulatory requirements and frameworks such as SOC 1/SOC 2, ISO 27001/27002, NIST 800-53, CSA-CCM, GDPR, and PCI-DSS as they pertain to vendor relationships.
• Experience in assessing vendor security documentation, including SOC reports, penetration test results, and responses to questionnaires.
• Demonstrated experience in utilizing AI technologies to improve decision-making, streamline workflows, enhance efficiency, and drive business outcomes.
• Preferred certifications: CISSP, CISM, CRISC, or equivalent security certifications.
• Certifications related to third party risk such as CTPRP (Certified Third Party Risk Professional) are advantageous.
• Ability to strategically assess supply chain and vendor risks and relate them to CrowdStrike's overall risk posture.
• Strong analytical and problem-solving abilities to evaluate vendor controls, identify gaps, and prioritize remediation efforts.
• Excellent communication skills to effectively convey technical risk findings to non-technical stakeholders, including executives and procurement teams.
• Proven capability to establish and maintain relationships with external vendors and internal cross-functional partners.
• Leadership skills to conduct vendor risk assessments, manage remediation efforts, and influence stakeholders without direct authority.
• Experience in managing risk programs or projects, including scoping, stakeholder coordination, and tracking deliverables against timelines.
• Market leader in compensation and equity awards.
• Comprehensive physical and mental wellness programs.
• Competitive vacation and holidays for recharging.
• Paid parental and adoption leaves.
• Professional development opportunities for all employees regardless of level or role.
• Employee Networks, geographic neighborhood groups, and volunteer opportunities to foster connections.
• Vibrant office culture with world-class amenities.
• Great Place to Work Certified™ globally.
Expleo Group
Gramian Consulting
Extractta
Quid
Get handpicked remote jobs straight to your inbox weekly.