Executive Operations, LLC

Vendor Risk Analyst (Cybersecurity)


Job Description

Vendor Risk Analyst (Cybersecurity) – Third Party Risk | Remote (US Hours)

Executive Operations is seeking an experienced Vendor Risk Analyst (Cybersecurity) to strengthen our Third-Party Risk Management (TPRM) program. This role focuses on evaluating vendor security controls, identifying risks, validating compliance (SOC 2, ISO 27001, NIST), and ensuring the security of our supply-chain ecosystem.

Candidates with TPRM, GRC, cyber risk, VRM platforms, or security assessments experience are highly encouraged to apply.

🔹 Key Responsibilities

  • Perform third-party security risk assessments for onboarding, renewal, and continuous monitoring.
  • Review vendor documentation: SOC 2 Type II, ISO 27001, penetration test reports, SIG Lite/Core, data protection policies, etc.
  • Identify gaps, document findings, and track remediation with vendors.
  • Provide recommendations to internal teams regarding vendor risk and security posture.
  • Maintain and enhance the TPRM framework, workflows, and templates.
  • Prepare clear management-level reports on vendor risk posture.
  • Ensure vendor controls align with NIST, ISO, SOC 2, SIG, GDPR, and HIPAA requirements.
  • Work with Legal & Procurement on contracts, SLAs, and security clauses.
  • Use VRM / GRC tools such as OneTrust, Archer, ProcessUnity, SecurityScorecard, BitSight, or ServiceNow VRM.

🔹 Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Risk Management, or a related discipline.
  • 3–5 years of experience in TPRM, Vendor Risk, Cybersecurity Risk, or GRC.
  • Strong understanding of NIST 800-53, ISO 27001, SOC 2, and risk control frameworks.
  • Experience performing vendor assessments and interpreting security documentation.
  • Familiarity with VRM/GRC tools (OneTrust, Archer, ProcessUnity, ServiceNow VRM, etc.).
  • Excellent analytical, communication, and stakeholder-engagement skills.
  • Ability to manage multiple assessments with high accuracy and detail.

🔹 Preferred Skills

  • Certifications: CTPRP, CTPRA, CRISC, CISA, CISSP (preferred but not required).
  • Knowledge of data privacy, regulatory compliance, and enterprise security programs.
  • Experience supporting large-scale vendor assessments or audit cycles.

Keywords: TPRM, VRM, Vendor Risk, Third-Party Risk, Cybersecurity Risk, GRC, SIG Lite, SIG Core, SOC 2, ISO 27001, NIST 800-53, Due Diligence, Control Testing, OneTrust VRM, Archer GRC, ProcessUnity, SecurityScorecard, BitSight, ServiceNow VRM.
