Third Party Risk & Security Analyst

Primary Job Title: Third Party Risk & Security Analyst Alternate/Related Job Titles:

• Third Party Risk Analyst
• Vendor Risk Management Analyst
• Third Party Risk Management (TPRM) Analyst
• Cybersecurity Risk Analyst
• Vendor Security Risk Analyst

Location: Boston, MA Onsite Flexibility: Remote (EST or CST only) Contract Details (Contract roles only):

• Position Type: Contract
• Contract Duration: 9 Months
• Start: As Soon As Possible
• Pay Rate: $65 - 75/hr

Job Summary: The Third Party Risk & Security Analyst is responsible for assessing and managing third-party vendor risk across cybersecurity, privacy, compliance, financial stability, and operational resilience domains. This role ensures that vendors meet security and regulatory standards while supporting the organization’s broader risk management framework.The analyst works closely with internal stakeholders to evaluate vendor risk posture, review security documentation, and ensure remediation plans are implemented and tracked. The position also plays a key role in maintaining the Third Party Risk Management (TPRM) program and supporting ongoing improvements to policies, procedures, and reporting. Key Responsibilities:

• Assess third-party vendors for inherent and residual risk across cybersecurity, privacy, compliance, financial stability, and operational resilience domains.
• Conduct and review vendor due diligence questionnaires, SOC reports, penetration test results, and other security and compliance documentation.
• Monitor vendor performance and risk posture over time, including tracking remediation plans and validating corrective actions.
• Collaborate with internal stakeholders including Procurement, Legal, IT Security, and Business Owners to ensure vendor risks are properly identified, documented, and mitigated.
• Maintain the TPRM platform including data accuracy, evidence management, workflow tracking, and progress updates.
• Independently manage the TPRM assessment workflow from start to finish, including reassessments for 30+ vendors per month.
• Manage communication and follow-ups with internal and vendor contacts to ensure timely completion of assessments.
• Review returned questionnaires and supporting artifacts while maintaining detailed progress notes for leadership and internal stakeholders.
• Support improvements to TPRM policies, procedures, risk scoring methodologies, and regulatory reporting.

Required Experience:

• Bachelor’s degree or equivalent work experience required
• Minimum of 2 years of TPRM or risk-related experience
• Knowledge of third-party or vendor management lifecycle including identification, selection, management, and termination
• Understanding of operational risk management processes including risk identification, assessment, mitigation, prioritization, monitoring, and reporting
• Knowledge of regulatory expectations related to third-party risk management

Nice-to-Have

Experience:

• 3-5 years of industry or related experience in risk management or vendor risk

Required Skills:

• Third Party Risk Management (TPRM) assessments
• Vendor due diligence and security documentation review
• Risk identification and mitigation processes

Preferred Skills:

• SOC report and penetration test review
• Vendor lifecycle risk management
• Regulatory compliance and risk frameworks
• Risk scoring and reporting methodologies
• Cross-functional stakeholder collaboration

Additional Skills:

• Vendor performance monitoring and remediation tracking
• TPRM platform management and workflow tracking
• Evidence management and documentation review
• Vendor communication and follow-up coordination
• Risk reporting and leadership updates
• Policy and procedure improvement initiatives

Benefits:

• Medical, Vision, and Dental Insurance Plans
• 401k Retirement Fund

About the Client: A global real estate investment trust specializing in wireless and broadcast communications infrastructure. The organization manages communication sites and data centers worldwide, supporting telecommunications and broadcast services through a large portfolio of tower sites and digital infrastructure assets. About GTT: GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company in Alaska. We highly value diverse and inclusive workplaces and support Fortune 500 organizations across banking, financial services, technology, life sciences, biotech, utilities, and retail sectors throughout the U.S. and Canada. Job Number: 26-02354Hashtags: Apply tot his job Apply To this Job