Third Party Risk Analyst

Summary

Join UpGuard's growing team as a Third-Party Risk Analyst and contribute to our expanding third-party security managed service. You will collaborate with customers to identify and manage third-party risks, translate technical findings into actionable reports, and help deliver customized solutions. This role requires strong communication and customer service skills, along with a solid understanding of cybersecurity risk management principles and relevant frameworks. You will also need experience in risk assessment writing and the ability to manage multiple priorities in a fast-paced environment. UpGuard offers a fully remote work environment and various benefits, including a monthly lifestyle subsidy, WFH setup allowance, learning and development allowance, generous PTO, parental leave, and more.

Requirements

• Strong knowledge of relevant security frameworks, standards, and US-specific requirements and laws (e.g., ISO 27001, PCI DSS, NIST CSF, HIPAA, etc.)
• Thorough understanding of cybersecurity risk management principles
• 2-3+ years of experience in Risk Management, Third Party Risk, Auditing, Consulting, or equivalent roles, ideally within professional services environments
• Familiarity with Third Party Risk Management practices, including the lifecycle of risk identification, treatment, mitigation, acceptance, and remediation, as well as inherent and residual risks
• Proven ability to write Risk Assessments
• Exceptional written and verbal communication skills, with a talent for articulating technical concepts and customer challenges in a clear, concise manner
• Strong customer service skills for building and maintaining relationships with customers
• Ability to juggle multiple priorities, manage timelines, and deliver results in a fast-paced environment

Responsibilities

• Collaborate closely with customers to identify, measure, and manage third-party risks
• Translate complex technical findings into clear, actionable risk assessment reports
• Help scope, price, and deliver customized solutions that meet each customer’s unique requirements
• Stay up to date with industry standards and emerging risks, driving continuous improvement in our third-party risk management offerings
• Translate complex and technical aspects into reports that the business can easily understand
• Partner with customers to identify, measure, and manage third-party risks and controls
• Assist with standardized reports, templates, and scorecards to inform customers of third-party risks
• Collaborate with sales, customer success, and other internal teams to understand and address the changing needs of our customers
• Develop and maintain a working knowledge of emerging financial, operational, third-party, and regulatory/compliance-related information to contribute to the continuous improvement of the third-party risk management offering
• Support the execution of professional services projects, ensuring high-quality deliverables and alignment with customer expectations

Preferred Qualifications

• Bachelor’s Degree in Information Technology, Systems, or a related field
• Relevant professional certifications, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Regulatory Vendor Program Manager (CRVPM), Certified Third Party Risk Professional (CTPRP)
• Demonstrated experience performing Third Party Security Risk Assessments
• A strong interest in and knowledge of cybersecurity and emerging risks

Benefits

• Monthly Lifestyle subsidy: use this for financial, physical and mental wellbeing (all regions)
• WFH set-up allowance: to ensure you have the right environment to work in, we will help you get set up within your first 3 months at UpGuard (all regions)
• $1500 USD annual Learning & Development allowance: to support your career development all team members will be able to expense development opportunities against this allowance (all regions)
• Generous Annual Leave/PTO allowances: time to recharge your batteries (all regions)
• 18 weeks paid Parental Leave: irrespective of parenting role (all regions)
• Personal Leave allowance: this includes sick & carer’s leave (all regions)
• Fully remote working environment: whilst we have physical offices in Sydney & Hobart, we do not mandate compulsory attendance (all regions)
• Top-spec hardware: all team members will be provided with top-spec laptops for their role (all regions)
• Personal device security & online privacy protection subsidy: UpGuard provides team members with a paid subscription to personal device security & online privacy protection platform (all regions)
• Generative AI subsidy: UpGuard provides paid subscriptions for all team members to access generative AI tools to support their work (all regions)