IT Vendor Risk Management (TPRM)

Role Description Role Summary The Third Party Risk Management (TPRM) Analyst is responsible for supporting the execution of the organization s third party cybersecurity risk management program. This role focuses on conducting vendor risk assessments, reviewing security controls, tracking remediation activities, and ensuring third party risks are identified, documented, and managed in alignment with enterprise risk standards and regulatory expectations. Key Responsibilities Execute third party cybersecurity risk assessments during vendor onboarding, renewals, and periodic reviews Review vendor security questionnaires, attestations, and supporting evidence Identify cybersecurity, privacy, and operational risks introduced by third parties Document risks, findings, and remediation actions in TPRM / GRC tools Coordinate with Procurement, Legal, Privacy, IT, and Business stakeholders Support audits, compliance reviews, and regulatory requests Required Skills & Experience 3-5 years of experience in Third Party Risk Management, GRC, or Cybersecurity Risk Working knowledge of NIST CSF, ISO 27001, SOC 2 Hands on experience with vendor risk assessments and remediation tracking Familiarity with GRC / TPRM tools (ServiceNow preferred) Strong documentation, analytical, and stakeholder communication skills Skills supplier risk management,cybersecurity risk,analytical skills,third-party risk management,documentation,