Security Analyst/Third-Party Risk Management (TPRM) – remote PST

Third-Party Risk Management (TPRM) Security AnalystOur client is seeking a sharp and driven TPRM Security Analyst to join their Information Security GRC team in a remote capacity. This is a high-impact contract role where you will play a critical part in protecting the organization by assessing vendor cybersecurity posture, managing compliance with key regulatory frameworks, and driving continuous improvement of the vendor risk program. If you thrive in a fast-paced environment, enjoy cross‐functional collaboration, and bring deep expertise in third‐party risk lifecycle management, this is an opportunity to make a meaningful difference. Job Type:6‐month contract-to-hire Location:Remote – PST Hours Required Compensation:$65-80/hr No Visa Sponsorship Available for this role What You'll Do:Conduct end-to-end vendor information security assessments, reviewing questionnaires (SIG, CAIQ, custom IRQs), evaluating evidence, assigning risk levels, and tracking remediations to closure. Administer and automate TPRM workflows within ServiceNow GRC, including vendor onboarding, risk scoring, dashboards, and executive reporting for the Vendor Risk Committee. Perform ongoing vendor monitoring, manage vendor records in the contract lifecycle system, and analyze emerging cyber threats to strengthen supplier risk management. Maintain the TPRM risk register and support preparation of materials for internal and external audits, including SOC 2, HITRUST, HIPAA, and PCI. Collaborate cross‐functionally with Legal, Procurement, Compliance, and Business Units to embed security requirements into RFPs, contracts, and vendor onboarding processes. What Gets You the Job:5+ years in Information Security with 5+ years dedicated to TPRM or InfoSec GRC, including hands‐on end-to-end vendor risk lifecycle management. Demonstrated experience administering and automating TPRM workflows in ServiceNow GRC, including risk scoring and vendor onboarding. Working knowledge of NIST CSF, HITRUST CSF, SOC 2, ISO 27001, and HIPAA Security Rule, with an understanding of PHI/ePHI handling and BAA obligations. Experience with vendor security questionnaires (SIG, CAIQ) and evidence-based vendor audits, including CVSS/CCSS vulnerability scoring. Strong communication and stakeholder management skills with the ability to present risk findings to leadership and collaborate across legal, procurement, and clinical teams.#J-18808-Ljbffr