Back to jobs

Senior Analyst, Third Party Risk

Senior Analyst, Third Party Risk

About the Opportunity:

The Senior Analyst, Third Party Risk will play a crucial role in managing and streamlining Veza's response to customer security and risk assessments and contract security and privacy reviews. This position requires a detail-oriented and analytical individual with a strong background in information security, risk management, data privacy and contract language. The role will report into the Security & Trust Office and will be instrumental in enhancing Veza's security posture and customer relationships.

Location: Remote

Core Roles and Responsibilities:

  • Third Party Risk Assessment Management
  • Security and Privacy Contract Review and Negotiation
  • Process Development and Optimization
  • Cross-functional Collaboration
  • Compliance and Security Posture Improvement

You Will: 

Third Party Risk Assessment Management:

  • Develop and maintain a comprehensive process for handling customer security and risk assessments and questionnaires.
  • Respond to customer security inquiries, RFIs, and RFPs in a timely and accurate manner.
  • Coordinate with internal teams to gather necessary information for completing assessments.
  • Maintain a database of standard responses to common security questions.

Security Contract Review and Negotiation:

  • Review and analyze security-related and privacy-related clauses in customer contracts and agreements.
  • Collaborate with legal and sales operations teams to negotiate security terms that align with Veza's capabilities and risk tolerance.
  • Develop and maintain a library of approved security language for contracts.
  • Stay informed about industry standards and best practices in security contract language.

Process Development and Optimization:

  • Create and implement efficient workflows for managing the influx of security assessments and contract reviews.
  • Develop templates, checklists, and guidelines to ensure consistency in responses.
  • Implement tools and technologies to automate and streamline the assessment and review processes.
  • Continuously improve processes based on feedback and changing requirements.

Cross-functional Collaboration:

  • Work closely with Sales, Legal, Product, and Engineering teams to ensure accurate and consistent responses to customer inquiries.
  • Collaborate with the Security team to stay updated on Veza's security controls and practices.
  • Provide regular updates to leadership on assessment trends, contract negotiations, and potential risks.

Compliance and Security Posture Improvement:

  • Identify common customer security requirements and work with internal teams to address any gaps.
  • Contribute to the maintenance and improvement of Veza's compliance certifications (e.g., SOC 2, ISO 27001).
  • Analyze trends in customer security requirements to inform Veza's security roadmap.

Requirements:

  • Bachelor's degree in Information Security, Risk Management, or a related field; Master's degree preferred.
  • Minimum of 5 years of experience in information security, with a focus on third-party risk management and security assessments.
  • Strong understanding of cloud security, data protection principles, data privacy, and common compliance frameworks (e.g., SOC 2, ISO 27001, GDPR).
  • Experience with contract review and negotiation, particularly security-related clauses.
  • Excellent analytical and problem-solving skills with meticulous attention to detail.
  • Strong written and verbal communication skills, with the ability to explain complex security concepts to various audiences.
  • Proficiency in using GRC (Governance, Risk, and Compliance) tools and other relevant technologies.
  • Relevant certifications such as CISSP, CISA, or CRISC are highly desirable.
  • Familiarity with SaaS business models and associated security challenges is a plus.



Our Culture 

We’re driven to build a strong company culture and are looking for individuals with solid alignment with the following:

  • Ownership Mindset
  • Act with Integrity
  • Guardians of our Customers
  • Opinionated Humility
  • Build Trust, Earn Trust
What we offer
  • Competitive salary and equity packages
  • 401(k) retirement plan
  • Pre-tax health care, dependent care, and commuter benefits (FSA)
  • Flexible medical, dental, and vision benefits
  • Parental leave
  • Flexible Time Off
  • Monthly Connectivity Stipend

At Veza, your base pay is one part of your total compensation package. For this position, the reasonably expected pay range can be discussed with your recruiter for the level at which this job has been scoped. Your base pay will depend on several factors, including your experience, qualifications, education, location, and skills. In the event that you are considered for a different level, a higher or lower pay range would apply. This position is also eligible for equity and a competitive benefits package.

Veza is proud to be an equal opportunity employer. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics. We also consider qualified applicants according to applicable federal, state, and local laws. If a candidate with a disability requires an accommodation during the recruitment process, please email recruiting@veza.com

About Veza

Veza is the identity security company. Identity and security teams use Veza to secure identity access across SaaS apps, on-prem apps, data systems, and cloud infrastructure. Veza solves the blind spots of traditional identity tools with its unique ability to ingest and organize permissions metadata in the Veza Authorization Graph. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to visualize access permissions, monitor permissions activity, automate access reviews, and remediate privilege violations. Founded in 2020, Veza is headquartered in Redwood City, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Select...
Select...

Education

Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Veza Technologies, Inc. ’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.