Security Analyst/Third-Party Risk Management (TPRM) – remote PST
Irvine TechNology Corporation
Job Description
Third-Party Risk Management (TPRM) Security Analyst
Our client is seeking a sharp and driven TPRM Security Analyst to join their Information Security GRC team in a remote capacity. This is a high-impact contract role where you will play a critical part in protecting the organization by assessing vendor cybersecurity posture, managing compliance with key regulatory frameworks, and driving continuous improvement of the vendor risk program. If you thrive in a fast-paced environment, enjoy cross-functional collaboration, and bring deep expertise in third-party risk lifecycle management, this is an opportunity to make a meaningful difference.
Job Type: 6-month contract-to-hire
Location: Remote – PST Hours Required
Compensation: $65-80/hr
No Visa Sponsorship Available for this role
What You’ll Do:
- Conduct end-to-end vendor information security assessments, reviewing questionnaires (SIG, CAIQ, custom IRQs), evaluating evidence, assigning risk levels, and tracking remediations to closure.
- Administer and automate TPRM workflows within ServiceNow GRC, including vendor onboarding, risk scoring, dashboards, and executive reporting for the Vendor Risk Committee.
- Perform ongoing vendor monitoring, manage vendor records in the contract lifecycle system, and analyze emerging cyber threats to strengthen supplier risk management.
- Maintain the TPRM risk register and support preparation of materials for internal and external audits, including SOC 2, HITRUST, HIPAA, and PCI.
- Collaborate cross-functionally with Legal, Procurement, Compliance, and Business Units to embed security requirements into RFPs, contracts, and vendor onboarding processes.
What Gets You the Job:
- 5+ years in Information Security with 5+ years dedicated to TPRM or InfoSec GRC, including hands-on end-to-end vendor risk lifecycle management.
- Demonstrated experience administering and automating TPRM workflows in ServiceNow GRC, including risk scoring and vendor onboarding.
- Working knowledge of NIST CSF, HITRUST CSF, SOC 2, ISO 27001, and HIPAA Security Rule, with an understanding of PHI/ePHI handling and BAA obligations.
- Experience with vendor security questionnaires (SIG, CAIQ) and evidence-based vendor audits, including CVSS/CCSS vulnerability scoring.
- Strong communication and stakeholder management skills with the ability to present risk findings to leadership and collaborate across legal, procurement, and clinical teams.