One
Third Party Risk Management Analyst
As a Third Party Risk Management Analyst at OnePay, you will play a critical role in safeguarding our ecosystem from third-party security risks. You'll assess the posture of high-risk vendors, review security attestations and contracts, and ensure compliance with our audit and regulatory standards. Your work will directly impact our ability to prevent breaches and maintain customer trust!
What You'll Do
- Conduct vendor risk reviews and evaluate third-party attestations such as SOC 2, ISO 2700x, and other security certifications.
- Analyze vendor contracts and identify potential risk clauses or data security implications.
- Support annual high-risk vendor audits and maintain documentation to meet compliance requirements.
- Collaborate cross-functionally with Legal, Procurement, Engineering, and Compliance teams to assess risk exposure and mitigation plans.
- Provide technical insight into vendor integrations, authentication, and infrastructure security controls.
You Bring
- 5-8+ years of experience in information security, vendor risk management, or related technical risk roles.
- Strong understanding of security frameworks and certifications (SOC 2, ISO 2700x, NIST, etc.).
- Familiarity with authentication, disaster recovery, and infrastructure security concepts.
- Ability to interpret and challenge vendor-provided attestations and control summaries.
- Comfort reviewing contracts and identifying clauses impacting data handling or access control.
- Excellent communication and analytical skills, with the ability to ask critical questions and present findings clearly.
- Drive and proactivity: everyone here is a builder and executor.