Third Party Risk Analyst
Boston, MA - 3 Days Onsite (will only consider local talent)
Direct-Hire (Unable to Provide Sponsorship)

We are seeking a detail-oriented professional to support enterprise vendor risk and procurement operations. This role will focus on evaluating third-party risk, strengthening governance practices, supporting sourcing initiatives, and helping ensure vendor relationships align with organizational security and compliance standards.

The ideal candidate will work cross-functionally with internal teams to identify potential risks, recommend mitigation strategies, and contribute to ongoing process optimization across vendor management and procurement functions.

Key Responsibilities

- Conduct security, operational, and compliance risk reviews for third-party vendors and strategic partners.
- Partner with internal stakeholders to develop, track, and complete remediation activities tied to vendor assessments.
- Assist with vendor onboarding, contract evaluations, and sourcing initiatives by identifying and documenting potential risks associated with vendor engagements.
- Perform ongoing reviews of vendor relationships to evaluate evolving business, operational, and cybersecurity risks.
- Recommend enhancements to vendor governance procedures, workflows, and oversight processes to improve efficiency and risk visibility.
- Help maintain and enforce internal governance standards related to procurement and third-party oversight.
- Monitor emerging trends within cybersecurity, compliance, and vendor risk management to help strengthen organizational practices.
- Develop an understanding of business operations, systems, and technologies to support effective vendor and procurement decision-making.
- Build strong working relationships across Procurement, IT, Compliance, Legal, Risk, and business teams to support enterprise initiatives.

Qualifications

- Bachelor’s degree in Information Technology, Business, Risk Management, Cybersecurity, or a related discipline.
- 2–4 years of experience in vendor management, third-party risk management, IT risk, cybersecurity, audit, or a related function, preferably within financial services or regulated industries.
- Familiarity with vendor risk methodologies, governance frameworks, and procurement lifecycle processes.
- Understanding of IT infrastructure, business applications, cybersecurity technologies, and operational support environments.
- Ability to evaluate security and operational controls, identify gaps, and recommend corrective or compensating controls.
- Experience working with industry frameworks and standards such as NIST, ISO 27001, SOC 2, SIG, or similar compliance models.
- Strong analytical, organizational, and problem-solving skills with the ability to manage multiple priorities and deadlines.
- Excellent communication skills with the ability to explain technical or risk-related concepts to both technical and non-technical audiences.
- Professional certifications such as CISA, CISM, CISSP, CRISC, CTPRP, CTPRA, or PMP are considered a plus.
- Willingness to pursue additional certifications and professional development as needed.