Information Security GRC Third-Party Risk Analyst

OneTrust

Bilbao

On-site

EUR 40.000 - 60.000

Full-time

11 days ago

Vacancy summary

OneTrust, a leader in data governance, is seeking a Security Third Party Risk Analyst to ensure robust security postures and manage risks associated with vendors. The role involves conducting risk assessments, ensuring compliance, and fostering collaboration across teams. Ideal candidates possess strong knowledge of security frameworks and relevant experience.

Benefits

Healthcare
Flexible PTO
Equity
Bonuses
Retirement support
Parental leave
Career development
Certification fee coverage

Qualifications

  • Understanding of security frameworks and mitigation strategies.
  • Familiarity with GDPR, CCPA, PCI-DSS, SOC 2, ISO, and FedRAMP.
  • Experience in security risk management and third-party risk procedures.

Responsibilities

  • Conduct comprehensive security risk assessments of third-party vendors.
  • Monitor compliance with security obligations and standards.
  • Facilitate audits and maintain an updated vendor risk inventory.

Skills

Security frameworks
Risk mitigation
Technical risks
Compliance audits

Education

Bachelor's degree
5-8 years of relevant experience

Job description

OneTrust's mission is to enable organizations to use data and AI responsibly. Our platform simplifies data collection with consent and preferences, automates data governance with integrated risk management across privacy, security, IT/tech, third-party, and AI risks, and promotes responsible data use by applying and enforcing data policies throughout the data lifecycle. We support seamless collaboration between data and risk teams to foster rapid, trusted innovation. Recognized as a market leader, OneTrust holds over 300 patents and serves more than 14,000 customers worldwide, from industry giants to small businesses.

The Challenge

The Security Third Party Risk Analyst will be vital in maintaining a robust security posture by assessing, managing, and mitigating risks associated with third-party vendors and service providers.

Your Mission

You will conduct risk assessments, monitor compliance, and collaborate with stakeholders to ensure third-party relationships meet security standards and policies.

Risk Assessment and Analysis

  • Conduct comprehensive security risk assessments of third-party vendors and service providers.
  • Identify potential vulnerabilities and threats in third-party environments.
  • Evaluate the effectiveness of security controls and recommend improvements.
  • Analyze risk data to identify trends and emerging threats.
  • Utilize the OneTrust platform daily to monitor, document, and analyze risks.
  • Create metrics to assess OneTrust's risk posture.
  • Become a technical SME within the OneTrust TPRM platform.
  • Collaborate with Security to establish risk reporting processes.
  • Support the overall ERM function.
  • Work with procurement and legal teams to include security requirements in contracts.
  • Monitor third-party compliance with security obligations and standards.
  • Maintain an updated vendor risk inventory.
  • Facilitate security reviews and audits of vendors.

Policy and Compliance

  • Perform regular security audits for compliance.
  • Assist in developing and maintaining security policies and procedures.
  • Support customer audits as needed.

You Are

  • A team player within the GRC team.
  • Critical thinker with strategic security insight.
  • Proactive in risk mitigation.
  • Collaborative and adaptable.
  • Organized and detail-oriented.
  • A trusted advisor and relationship builder.
  • A technical SME in the OneTrust platform.
  • Value-driven with a focus on quality.
  • Capable of executing high-level directions and asking insightful questions.

Your Experience Includes

  • Understanding of security frameworks, risks, and mitigation strategies.
  • Knowledge of technical risks and security controls.
  • Familiarity with laws and standards such as GDPR, CCPA, PCI-DSS, SOC 2, ISO, and FedRAMP.
  • Experience with security risk management and third-party risk procedures.
  • Understanding of data classification and technology domains.
  • Bachelor's degree or 5-8 years of relevant experience.

Where We Work

We embrace a flexible working model, fostering a culture of collaboration, connection, and celebration. Role-specific location details will be provided during the interview process.

As part of OneTrust, you'll receive comprehensive support, including healthcare, flexible PTO, equity, bonuses, retirement support, parental leave, career development, and certification fee coverage. Benefits vary by country. For more info, contact your recruiter or visit onetrust.com/careers.

Your Data

You can update or remove your data at any time via our Privacy Overview. Requests for data removal should be submitted using the Data Subject Request Form. We do not ask for personal information during interviews and warn against scams involving false job offers. Contact for concerns.

Our Commitment to You

Joining OneTrust means embarking on a boundaryless career with a diverse, inclusive team passionate about trust. Your voice and expertise will help shape a new industry. We are committed to supporting your growth and providing an empowering environment. We are an equal opportunity employer, prohibiting discrimination and harassment of any kind.
