Third-Party Risk Management (TPRM) Analyst - Palo Alto, SFO (Hybrid)

Department: Risk Management & Compliance
93+ Applicants
Posted: 5 months ago
2-4 years
Palo Alto, California, USA
work from office

Job Description

Role: Third-Party Risk Management (TPRM) Analyst

Location: Palo Alto, SFO (Hybrid)

Duration: Long Term

Experience: 10-15 years

The Third-Party Risk Management (TPRM) Analyst will support the Firm's Information Security and Risk teams in evaluating and monitoring the security posture of vendors and other third parties. This role focuses on conducting security reviews, assessing compliance with industry standards, and ensuring that vendors meet the Firm's cybersecurity and data protection requirements. The Analyst will play a key role in protecting the Firm's data and maintaining compliance.

Key Responsibilities

  • Perform third-party/vendor security assessments, including review of security documentation such as ISO 27001 certifications, SOC 1 and SOC 2 reports, and other relevant attestations.
  • Evaluate vendor risk based on responses to security questionnaires and evidence of controls.
  • Use BitSight tools to review and continuously monitor vendors' cybersecurity posture and identify emerging risks.
  • Maintain and update the vendor risk management system, ensuring accurate documentation of assessments, remediation actions, and risk ratings.
  • Collaborate with Information Security and Procurement teams to ensure that risk findings are communicated and addressed.
  • Assist in developing and refining third-party risk management procedures, policies, and reporting.
  • Track remediation efforts and follow up with vendors on open findings or improvement actions.
  • Support due diligence efforts for new vendor engagements and periodic reviews of existing relationships.
  • Stay current on evolving cybersecurity threats, regulatory expectations, and third-party risk management best practices.

Qualifications

  • Bachelor's degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience).
  • 2+ years of experience in vendor risk management, information security, or IT audit.
  • Familiarity with security and privacy frameworks, including ISO 27001, NIST CSF, and SOC 2 Trust Service Criteria.

  • Experience using BitSight, SecurityScorecard, or other vendor risk rating platforms.
  • Strong analytical and communication skills with the ability to present findings clearly to technical and non-technical stakeholders.
  • Detail-oriented, with strong organizational and documentation skills.
  • Experience working in a law firm, financial services, or other regulated environment preferred.

Preferred Skills

  • Understanding of data privacy regulations (e.g., GDPR, CCPA, HIPAA).
  • Experience with vendor management systems (e.g., Archer, OneTrust, ProcessUnity).
  • Relevant certifications such as CISA, CRISC, CISSP, or CTPRP are a plus.

Skills

Compliance, Regulatory, Risk Management, Risk Rating

Important dates & deadlines?

Application Deadline

23 Dec 25, 05:33 PM IST
