Remote Third Party Risk Analyst

closed

Smartsheet

πŸ“Remote - Costa Rica

Job highlights

Summary

Join Smartsheet's Risk team as a Third Party Risk Management (TPRM) program specialist to drive results and help build and operate a next-generation TPRM program. In this role, you will assess risk exposure related to third parties through enhanced risk management practices and provide transparency into Smartsheet’s third party risk exposure.

Requirements

  • 2+ years prior work experience in risk management, information security, third party risk management, audit and/or compliance efforts
  • 2+ years prior work experience with the review of vendors, systems, or solutions as part of an internal risk assessment, procurement process, or other program
  • 2+ years practical experience with one or more risk or other industry regulatory frameworks (NIST, ISO, COSO, COBIT, AICPA TSP/SOC, PCI, etc.)
  • Experience with vendor risk management tools (e.g. Coupa, Archer, AuditBoard)
  • Experience assessing or reviewing SOC reports, penetration testing results, or other security control attestations
  • Experience working with operational risks across multiple lines of business, legal entities, and/or jurisdictions
  • Ability to build strong internal relationships
  • Ability to assess the potential risk of an escalated issue and use business skills to evaluate impact and alternatives
  • Effective judgment, decision making, and critical thinking skills
  • Adaptability to the changing landscape of regulatory compliance requirements

Responsibilities

  • Assess risk exposure related to third parties through enhanced risk management practices
  • Support the day-to-day execution of the Information Security Risk Assessment process for existing and potential vendors
  • Document, organize, and track activities that result from vendor security assessments
  • Gather and organize vendor review results and data to support risk reporting and monitoring processes
  • Identify process improvement initiatives to support the Vendor Risk Management Program and related activities, and help implement and improve on the program
  • Support additional activities related to the broader risk program and team
  • Have an understanding of emerging technologies including, but not limited to, mobile and cloud technology

Benefits

  • Fully paid Health & Life insurance for full-time employees and family members
  • Equity - Restricted Stock Units (RSUs) for eligible roles
  • Monthly stipend to support your work and productivity
  • Asociacion Solidarista with employee and employer contributions as well as potential alliances with entities such as universities, gyms, etc.
  • 12 days paid Vacation + Flexible Time Away Program
  • 20 weeks fully paid Maternity Leave
  • 12 weeks fully paid Paternity/Adoption Leave
  • Personal paid Volunteer Day to support our community
  • Opportunities for professional growth and development including access to Udemy online courses
  • Company Funded Perks including a counseling membership and your own personal Smartsheet account
  • Teleworking options from any registered location in Costa Rica (role specific)
This job is filled or no longer available