Business jobs in United States

TopNotch HR Consulting Firm – Kuala Selangor, Selangor

The Third-Party Risk Analyst will be responsible for assessing, managing, and mitigating risks associated with third-party vendors and partners. This role involves conducting thorough risk assessments, monitoring vendor compliance, managing findings, and collaborating with internal stakeholders to ensure that all third-party engagements comply with the organization's risk management policies and regulatory requirements.

• Conduct comprehensive risk assessments of third-party vendors, focusing on areas such as data security, infrastructure security, compliance, and operational resilience.
• Evaluate vendor risk profiles and categorize vendors based on risk levels and criticality to the organization.
• Perform due diligence on prospective and existing vendors, including reviewing security controls and compliance with regulatory standards.
• Ensure that all vendors meet the organization's security requirements before engagement.
• Continuously monitor third-party vendors for changes in risk profiles, compliance status, and performance.
• Maintain a vendor risk dashboard to track key metrics and provide regular updates to management.
• Issues Management:
• Identify, document, and prioritize findings from risk assessments and vendor evaluations.
• Develop and track remediation plans for identified findings or issues, ensuring timely resolution and mitigation of risks.
• Communicate issues and remediation status to relevant stakeholders and ensure follow-up actions are completed.
• Collaboration and Communication:
• Collaborate with internal departments such as DPO, Tech team, Legal, Procurement, and Compliance to integrate third-party risk management practices into business processes.
• Communicate risk assessment findings and recommendations to stakeholders, ensuring transparency and informed decision-making.
• Policy and Procedure Development:
• Assist in the development and implementation of third-party risk management policies, procedures, and frameworks.
• Ensure that all processes align with industry best practices and regulatory requirements.
• Training and Awareness:
• Conduct training sessions and workshops to raise awareness of third-party risk management practices among internal teams.
• Provide guidance and support to business units on managing vendor risks effectively.
• The Third-Party Risk Analyst should grasp AI fundamentals, recognize the evolving landscape of LLMs (Large Language Models) and their practical applications, and integrate this awareness to anticipate vendor alignment while critically assessing risks and advocating for mitigation when necessary.

• Bachelor's degree in Computer Science, Risk Management, Information Security, or a related field.
• More than 3 years of experience in risk management, vendor management, or a related role.
• Strong understanding of risk assessment methodologies and third-party risk management best practices.
• Familiarity with regulatory requirements and industry standards such as ISO 27001, NIST, GDPR, etc.
• Excellent analytical, communication, and interpersonal skills.
• Ability to work collaboratively with cross-functional teams and manage multiple tasks simultaneously.
• Proficiency in GRC software and tools is a plus.

• 3-5+ years of experience in cybersecurity risk assessments, vendor risk management, or IT security audits.
• Strong understanding of security frameworks (e.g., NIST CSF, ISO 27001, SOC 2).
• Experience with vendor risk management platforms (e.g., CyberGRX, OneTrust, BitSight, SecurityScorecard).
• Familiarity with cloud security (AWS, Azure, Google Cloud) and SaaS security evaluations.

• Knowledge of regulatory compliance standards (GDPR, CCPA, HIPAA, PCI-DSS, etc.).
• Security certifications (e.g., CISA, CRISC, CISSP, CISM).
• Experience with AI-driven security tools for third-party risk assessment.

Job Type: Contract