Gravity IT Resources

Cybersecurity/Risk Analyst

To Apply for this Job Click Here

Job Title: Third Party Risk Analyst
Location: REMOTE (LATAM or North America)

Job Summary
The Sr Third-Party Cybersecurity Risk Analyst is responsible for designing, building, implementing, and operating the enterprise third-party cybersecurity risk management (TPRM) program end-to-end. This role will establish the governance framework, risk assessment methodology, workflows, and reporting required to effectively identify, assess, monitor, and manage cybersecurity risks introduced by third parties.

This individual will serve as the subject matter expert for cybersecurity vendor risk and will rapidly stand up scalable processes within a GRC platform. The role requires deep experience reviewing SOC reports, security questionnaires, and vendor control environments, along with the ability to drive program maturity in a fast-paced, high-growth environment.

Key Responsibilities
• Design and mature the enterprise data governance framework, policies, standards, and operating model.
• Establish and maintain data ownership, stewardship, and accountability structures.
• Stand up and manage governance forums, working groups, and reporting mechanisms.
• Build and maintain the enterprise data inventory and data domain model.
• Define requirements for data collection, ownership assignment, and classification at creation.
• Embed governance and classification controls into system development and intake processes.
• Maintain the enterprise data classification framework and associated handling and protection requirements.
• Map regulatory and contractual obligations to data classes and ensure appropriate controls are enforced.
• Define secure data storage requirements and validate compliance with encryption, access, and monitoring standards.
• Monitor storage environments to prevent unauthorized access, loss, or misuse.
• Govern role-based access, periodic reviews, and monitoring of data usage and behavior.
• Partner with cross-functional teams to detect and respond to inappropriate access.
• Establish secure data sharing and transmission standards and govern internal/external disclosures.
• Maintain approval workflows, logging, and traceability for data transfers.
• Assess data sharing risks in partnership with Third-Party Risk Management.
• Develop and maintain data retention schedules aligned with legal, regulatory, and business needs.
• Govern archival processes and access restrictions for inactive data.
• Define secure data destruction standards, validate retention obligations, and maintain destruction evidence.
• Oversee third-party destruction activities for compliance.
• Develop KPIs, KRIs, maturity metrics, dashboards, and executive reporting.
• Identify program gaps, drive remediation, and support audits and regulatory examinations.
• Serve as the enterprise SME for data governance, providing training and awareness.
• Build relationships with IT, Security, Privacy, Legal, Risk, and business units to promote adoption.
• Support AI governance and trusted-data initiatives.

Required Qualifications
• Bachelor’s degree in Information Security, Information Systems, Risk Management, or related field (Master’s preferred).
• 7+ years of experience in third-party risk management, cybersecurity risk, or GRC.
• Proven experience building or significantly enhancing a TPRM program.
• Strong experience reviewing SOC 2 reports and vendor security questionnaires.
• Experience conducting vendor cybersecurity assessments.
• Hands-on experience with a GRC platform (e.g., RSA Archer, LogicManager, ServiceNow GRC, etc.).
• Strong understanding of vendor risk frameworks and control environments.
• Experience writing clear, executive-level risk reports.
• Demonstrated ability to operate in fast-paced, build-mode environments.
• Excellent analytical, documentation, and communication skills.
• Ability to work independently and drive initiatives to completion.

 


Equal Employment Opportunity Statement
Gravity IT Resources is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other legally protected characteristic. All employment decisions are based on qualifications, merit, and business needs.
