Jobs · Finance · Georgia

Senior Security Third Party Risk (TPRM) Analyst

OneTrust · Atlanta, GA · 1 wk ago
Finance$104k–$156k/yrFull-time

The Role

This role supports IT and InfoSec by performing various governance, risk, and compliance activities as part of the OneTrust InfoSec GRC team. It involves collaborating with architecture, legal, compliance, and privacy teams as part of the TPRM (Third Party Risk Management) process.

Responsibilities

  • Review vendor due diligence documentation, including SOC reports, ISO certifications, penetration testing reports, policies, and security questionnaires.
  • Evaluate supplier control environments against established risk management standards and frameworks.
  • Document risk findings and communicate recommendations to business stakeholders.
  • Execute risk assessments of third-party vendors.
  • Mentor Junior Security Analysts, and work with them to evaluate and remediate complex security incidents.
  • Generate and deliver relevant Key Performance Indicators (KPIs) and metrics.
  • Provide feedback on solutions and processes to improve overall capabilities.
  • Share expertise on the OneTrust environment and security best practices with the team.

Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, or a related field.
  • 5+ years of hands-on experience in cybersecurity/risk management.
  • Experience reviewing SOC 1, SOC 2 reports & ISO 27001 certifications.
  • Experience reviewing security questionnaires, business continuity and disaster recovery plans as well as vendor contracts and security requirements.
  • Understanding of information security best practices around confidentiality, integrity, and availability.
  • Cloud experience in at least one cloud provider.
  • Understanding of applicable laws and regulations, including but not limited to, GDPR, CCPA, PCI-DSS, SOC 2, ISO, and FedRAMP.
  • Understanding of the standards for the processing practice of third-party management.
  • Understanding of technology domains including governance, risk management, security, privacy, and information technology and business continuity.

Preferred Experience

  • Certifications: CRISC, Security+, CISSP, CISM, CCSP, CISA, Azure
  • Knowledge of OneTrust security/GRC products.

Company Information

OneTrust is committed to providing equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by local laws.

Similar jobs