Security Analyst/Third-Party Risk Management (TPRM) - remote PST

Third-Party Risk Management (TPRM) Security Analyst

Our client is seeking a sharp and driven TPRM Security Analyst to join their Information Security GRC team in a remote capacity. This is a high-impact contract role where you will play a critical part in protecting the organization by assessing vendor cybersecurity posture, managing compliance with key regulatory frameworks, and driving continuous improvement of the vendor risk program. If you thrive in a fast-paced environment, enjoy cross-functional collaboration, and bring deep expertise in third-party risk lifecycle management, this is an opportunity to make a meaningful difference.

As part of our process after applying, you may receive an invitation from our AI Recruiter Avery for a short conversation that lets you share more about your background beyond your resume. For questions, contact .

Job Type: 6-month contract-to-hire

Location: Remote - PST Hours Required

Compensation: This job is expected to pay about $60-70/hr

No Visa Sponsorship Available for this role

What You'll Do:

• Conduct end-to-end vendor information security assessments, reviewing questionnaires (SIG, CAIQ, custom IRQs), evaluating evidence, assigning risk levels, and tracking remediations to closure.
• Administer and automate TPRM workflows within ServiceNow GRC, including vendor onboarding, risk scoring, dashboards, and executive reporting for the Vendor Risk Committee.
• Perform ongoing vendor monitoring, manage vendor records in the contract lifecycle system, and analyze emerging cyber threats to strengthen supplier risk management.
• Maintain the TPRM risk register and support preparation of materials for internal and external audits, including SOC 2, HITRUST, HIPAA, and PCI.
• Collaborate cross-functionally with Legal, Procurement, Compliance, and Business Units to embed security requirements into RFPs, contracts, and vendor onboarding processes.

What Gets You the Job:

• 5+ years in Information Security with 5+ years dedicated to TPRM or InfoSec GRC, including hands-on end-to-end vendor risk lifecycle management.
• Demonstrated experience administering and automating TPRM workflows in ServiceNow GRC, including risk scoring and vendor onboarding.
• Working knowledge of NIST CSF, HITRUST CSF, SOC 2, ISO 27001, and HIPAA Security Rule, with an understanding of PHI/ePHI handling and BAA obligations.
• Experience with vendor security questionnaires (SIG, CAIQ) and evidence-based vendor audits, including CVSS/CCSS vulnerability scoring.
• Strong communication and stakeholder management skills with the ability to present risk findings to leadership and collaborate across legal, procurement, and clinical teams.

Irvine Technology Corporation (ITC) connects top talent with exceptional opportunities in IT, Security, Engineering, and Design. From startups to Fortune 500s, we partner with leading companies nationwide. Our AI recruiter, Avery helps streamline the first step of your journey-so we can focus on what matters most: helping you grow. Join us. Let us ELEVATE your career!