TPRM Analyst, Info Sec
About Us
About the Role
We are seeking a detail-oriented, analytical, and highly motivated Senior/Staff Analyst to support and scale our Information Security Third-Party Risk Management (TPRM) program. This role will play a key part in assessing, monitoring, and mitigating risks associated with third-party vendors. You will use our new modern, AI-powered TPRM platform to assess risk, analyze vendor responses and artifacts, and drive practical informed recommendations. You will partner closely with cross-functional teams, including Legal, Procurement, Information Security, and business stakeholders to enable risk-informed decisions and strengthen our overall third-party risk posture.
Your Impact
- Strengthen Resilience: Directly contribute to the security and resilience of the organization by developing and supporting a robust third-party risk management framework
- Drive Compliance: Ensure third-party relationships adhere to company policies, regulatory requirements, and industry best practices
- Enable the Business: Partner with business units to support risk-aware decision-making, enabling effective supplier engagement while safeguarding the organization
Key Responsibilities
Risk Assessment & Due Diligence
- Perform thorough due diligence reviews with the assistance of our AI-powered platform, including risk questionnaires, documentation analysis, and standard supplier due diligence assessments
- Ensure all third-party due diligence artifacts and supporting documentation are properly captured and maintained in the TPRM platform
- Evaluate third-party controls and documentation (e.g., SOC reports, policies, certifications etc.)
- Coordinate closely with other Information Security (e.g., security architecture / engineering, and subsidiary GRC) teams throughout the business to further assess third-party solutions as needed
- Advise business and stakeholders on third-party risk
Monitoring, Remediation, and Offboarding
- Continuously monitor third-party cyber posture, including ransomware susceptibility, breach likelihood, and other open-source intelligence signals using our modern cyber rating platform
- Triage alerts and escalate early warnings as appropriate
- Develop and manage corrective action plans and control documentation for identified risks and/or issues
- Track and evaluate vendor remediation efforts to ensure timely and effective resolution, working with business owners to address underperformance or emerging concerns
- Conduct periodic and event-driven reassessments of third parties based on risk and criticality
- Ensure secure third-party offboarding, including data handling, access revocation, and closure of contractual and security obligations.
Collaboration & Process Improvement
- Collaborate with business units, Legal, Information Security, and other risk subject matter experts to address and mitigate identified risks
- Support internal, customer, and third-party audits related to supplier risk and compliance
- Contribute to the development and enhancement of TPRM policies, standards, and procedures
- Create and implement scalable solutions for supplier tracking, monitoring, and compliance
- Stay current on industry trends, emerging risks, and regulatory changes impacting third-party relationships
What We’re Looking For
- Deep experience in Information Security Third-Party Risk Management, Risk Management, GRC Compliance, or a related field
- Strong analytical skills with the ability to identify, assess, and resolve complex issues
- Familiarity with risk management frameworks (e.g., NIST, ISO etc.) and vendor risk best practices
- Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams
- High level of professionalism, integrity, and commitment to accuracy and thoroughness
- A risk-focused, outcomes-focused mindset - you know how to balance thoroughness with speed, and you're comfortable prioritizing efforts to address most critical risks and moving quickly in a fast-paced business without compromising control integrity
- Comfortable working with technology platforms and AI-assisted tooling (you don't need to be technical, but you should be curious and adaptable)
What Success Looks Like
- Consistent, high-quality execution of vendor risk assessments and due diligence
- Clear, actionable reporting that enhances leadership visibility into third-party risk
- Strong cross-functional partnerships enabling risk-informed business decisions
- Continuous improvement of TPRM processes, tools, and controls
Why Join Us
- Opportunity to help build and mature a critical risk management function
- High visibility role with cross-functional impact
- Collaborative and fast-paced environment
The salary range represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training. For information about our benefits, please visit https://benefitsatfanatics.com/
Salary Range
$155,000 - $165,000 USD
Create a Job Alert
Interested in building your career at Fanatics Inc.? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field