Third Party Risk Analyst

Procore Technologies

The Role

Overview

Manage full lifecycle of third‑party risk assessments and monitoring for supply chain security.

Key Responsibilities

  • risk assessment
  • OneTrust
  • process automation
  • asset mapping
  • contract management
  • monitoring

Tasks

- Execute the TPRM Process: Conduct comprehensive risk assessments on third parties including analysis of appropriate security controls, contract requirements, and compliance documentation. You'll be responsible for gathering necessary information directly from third parties.
- Maintain Accurate Records: Accurately document all assessment activities, findings, and mitigation efforts in our TPRM platform (OneTrust).
- Contribute to Program Development: Help shape and refine our TPRM policies and procedures. Look for ways to improve efficiency, including the use of automation and AI.
- Identify Critical Systems and Assets: Partner with technical and business teams to map sensitive data and critical systems. You'll also categorize third parties to guide reassessment and identify processor/sub-processor relationships.
- Support Contracting: Work with our legal and procurement teams to include security and data protection requirements in contracts.
- Provide Operational Support: Guide business owners and third parties through the TPRM process, answering questions and providing a smooth experience.
- Monitor and Report: Support ongoing monitoring of third parties and contribute to recurring reports on the program's health and effectiveness.

Requirements

  • bachelor's
  • Power BI
  • OneTrust
  • ISO 27001
  • GDPR
  • communication

What You Bring

- Experience: Bachelor’s degree and at least 5 years of direct experience in third party risk management, information security, or GRC. Direct experience conducting complex, end-to-end risk assessments, preferably in a fast-paced or regulated environment.
- Preferred: Familiarity with data analysis and visualization tools like Power BI to support data-driven decisions.
- Platform Proficiency: Hands-on experience with a TPRM platform like OneTrust, including customizing workflows and managing automations.
- Skills: Exceptional communication and presentation skills, with the ability to interact effectively with stakeholders at all levels. Critical thinking with strong analytical and problem-solving abilities.
- Independent Contributor: Proven ability to work independently, take ownership of tasks, and prioritize effectively in a dynamic environment.
- Technical Knowledge: Deep understanding of information security and data protection frameworks (e.g., NIST CSF, ISO 27001, SOC 2) and regulations (e.g., GDPR, CCPA, EU AI Act). Strong knowledge of different data and system risk types and a proactive approach to risk mitigation.

The Company

About Procore Technologies

- The company developed a cloud-based software platform designed to streamline collaboration between stakeholders in the construction industry.
- Procore’s platform includes tools for project planning, financial management, quality and safety, and field communication.
- The platform’s real-time data updates and mobile accessibility are essential for keeping projects on track, improving efficiency, and reducing costs.
- Notable clients include large construction firms and contractors that manage complex and multi-million dollar projects.
- Procore continues to innovate in the construction tech space, regularly releasing new features and integrations to enhance project management and workflows.

Sector Specialisms

Industrial

Energy

Infrastructure

Buildings

Residential

Commercial

Water Resources

Heavy Civil

Marine

Transport

Utilities

Solar

Wind

Nuclear

Government

Security Clearance

- Criminal history may affect eligibility for certain duties and could lead to withdrawal of the offer.