Sr Third Party Risk Analyst (TPRM)
About the role
At HealthEquity, you'll play a critical role in ensuring the security, resilience, and integrity of the partners and technologies powering our platform. This is more than a compliance role; you'll be at the intersection of cybersecurity, emerging AI risk, and operational excellence, helping evolve our Third Party Risk Management (TPRM) program to meet the pace of a fast-moving, highly regulated environment.
Responsibilities
- Carry out risk assessments for critical and operationally significant third-party entities, including cloud service providers, SaaS platforms, technology partners, and infrastructure providers.
- Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle.
- Stay ahead of emerging risks, including generative and agentic AI, and evolving regulatory expectations across financial services and healthcare.
- Partner closely with cross-functional teams such as Procurement, Legal, Privacy, Security, AI Governance, and vendor business owners to manage third-party risk holistically.
- Develop and maintain key risk and performance metrics that demonstrate progress and maturity within the TPRM program.
- Lead efforts to automate repetitive and high-volume processes, leveraging advancements in AI to increase efficiency, quality, and speed.
- Introduce and evaluate AI-enabled tools to enhance risk clarity, improve signal-to-noise, and scale the program responsibly.
- Support other TPRM and governance activities as needed, contributing to a culture of continuous improvement.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related technical field.
- 5+ years of combined experience in information security, cybersecurity, or technical/analytical roles.
- Experience operating in fast-paced, high-accountability environments where prioritization and time sensitivity matter.
- 2–5 years of hands-on cybersecurity experience, ideally within financial services or healthcare.
- Strong understanding of security and AI control frameworks, such as: NIST Cybersecurity Framework (CSF), NIST AI Risk Management Framework (AI RMF), ISO 42001.
- Prior experience with TPRM/GRC platforms, including tools such as Vanta, Archer, or ServiceNow.
- Familiarity with cybersecurity risk rating services (e.g., RiskRecon, SecurityScorecard, BitSight).
- Working knowledge of audits, regulatory exams, and attestations, including SOC 2 Type II, ISO 27001, HITRUST, and similar frameworks.
- Ability to review and interpret technical evidence demonstrating cybersecurity validation and compliance (e.g., SCA, SAST, DAST, penetration testing).
- Excellent written and verbal communication skills, with the ability to translate between technical and non-technical audiences.
- Experience reviewing technical policies and contributing to standard operating procedures.
- Strong command of the Microsoft ecosystem, including PowerPoint, Excel, Word, SharePoint, and Power BI.
- Demonstrated ability to use AI solutions securely and effectively, such as Microsoft Copilot, Gemini, Anthropic, or ChatGPT, to improve workflows and outcomes.
Qualifications
- One or more cybersecurity certifications, such as CISSP, CISA, CISM, CRISC, or equivalent.
- Demonstrated understanding of cybersecurity and AI governance frameworks, including NIST CSF and NIST AI RMF.
Skills
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration skills.
- Proficiency in cybersecurity and AI risk management frameworks.
- Experience with TPRM/GRC platforms and cybersecurity risk rating services.
- Knowledge of Microsoft Office Suite and familiarity with AI solutions.
Benefits & Perks
- Medical, dental, and vision coverage.
- HSA contribution and match.
- Dependent care FSA match.
- Uncapped paid time off.
- Paid parental leave.
- 401(k) match.
- Personal and healthcare financial literacy programs.
- Ongoing education & tuition assistance.
- Gym and fitness reimbursement.
- Wellness program incentives.
Pay
$87,500.00 To $111,500.00 / year
Schedule
This is a remote position.
Benefits & Perks
- HealthEquity is committed to providing reasonable accommodations to team members with qualifying disabilities.
- The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location.
- This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits.
Why work with HealthEquity
HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position.