Senior Risk Assurance Analyst

  • Posted 3 hours ago | Updated 3 hours ago

Overview

Remote
$70 - $85
Contract - W2
Contract - 6 Month(s)

Skills

Risk Assessment
NIST
Vendor Risk Monitoring
Security Posture
Compliance

Job Details

Immediate and fully remote contract opening for a Senior Risk Assurance Analyst to join the security and compliance team. In this role, you will collaborate with internal stakeholders and third-party partners to ensure that minimum security control requirements are implemented and maintained. You will be responsible for conducting third-party vendor risk assessments, evaluating security compliance and maturity, and identifying potential risks that require remediation.

Responsibilities

  • Perform security assessments of third-party vendors to evaluate their security maturity and identify deficiencies.

  • Identify and reduce potential security risks during the assessment process.

  • Provide ongoing third-party monitoring for vulnerabilities, security breaches, and emerging risks.

  • Analyze security attestations, audit reports, questionnaires, and memos to assess vendor security posture.

  • Maintain thorough documentation of vendor security assessments and communicate risks/remediation requirements.

  • Support and maintain key program metrics and risk reporting for management.

  • Partner with internal stakeholders to ensure smooth vendor onboarding and security integration.

Required Skills & Experience

  • 4+ years of experience in risk assessments, security assurance, IT operations, or IT audit control testing.

  • Hands-on experience with the NIST Cybersecurity Framework (CSF).

  • Strong technical knowledge of enterprise IT tools and solutions.

  • 2+ years of project management and process improvement experience.

  • Excellent written communication and documentation skills.

  • Ability to identify, evaluate, and communicate third-party security deficiencies.

Preferred Qualifications

  • Familiarity with common security control frameworks such as ISO 27001, SIG, or SOC 2.

  • Experience with vendor risk monitoring tools (e.g., SecurityScorecard, BitSight, Archer, OneTrust, ServiceNow VRM).

  • Relevant certifications: Security+, CISA, CRISC, or CISM.

About IDR, Inc.