Black Kite
Third-Party Risk Analyst
Black Kite, Phoenix, Arizona, United States, 85003
The Third-Party Risk Analyst manages and mitigates risks associated with the company’s third-party relationships. This role involves assessing and monitoring third-party vendors, conducting in-depth risk assessments, and working collaboratively across departments to ensure vendors meet security, compliance, and operational standards. The ideal candidate will have a strong background in risk management, vendor assessments, and regulatory compliance, with the ability to develop and implement effective third-party risk management strategies.

Key Responsibilities
Third-Party Assessments: Conduct comprehensive assessments of third-party vendors, focusing on cybersecurity, data privacy, compliance, financial stability, and operational resilience.
Risk Analysis & Scoring: Evaluate vendor risk using quantitative and qualitative approaches, assign risk scores, and identify compensating controls to mitigate identified risks.
Continuous Monitoring: Develop and implement processes for ongoing monitoring of third-party risks, keeping abreast of changes in vendor performance, industry regulations, and threat landscapes.
Incident Management: Collaborate with relevant teams to manage vendor-related incidents, ensuring effective communication, remediation, and follow-up activities.
Stakeholder Collaboration: Act as a point of contact for internal stakeholders (e.g., Information Security, Legal, Compliance, Procurement) to ensure vendor risks are identified, communicated, and mitigated appropriately.
Documentation & Reporting: Prepare detailed risk assessment reports and dashboards for senior leadership, providing insights and recommendations for third-party risk reduction.
Framework Development: Assist in developing and refining the third-party risk management framework, ensuring alignment with industry best practices (e.g., NIST, ISO, Shared Assessments).
Regulatory Compliance: Ensure that third-party risk management activities comply with relevant regulations and industry standards, including GDPR, CCPA, PCI-DSS, and others, as applicable.
Vendor Risk Awareness Training: Guide internal stakeholders on third-party risk management policies, procedures, and best practices.

Qualifications
Bachelor’s degree in Information Security, Risk Management, Business, or a related field. Relevant certifications such as CTPRP, CTPRA, or TPCRA are a plus.
Minimum of 2 years of experience in third-party risk management, vendor management, or a related field.
Understanding of cybersecurity principles, data privacy laws, and regulatory requirements.
Familiarity with third-party risk management tools and platforms (e.g., Black Kite, Vanta).
Proficiency in risk management frameworks (NIST, ISO 27001/27018, FAIR).
Strong analytical and problem-solving skills, with the ability to interpret complex risk data and make informed decisions.
Excellent written and verbal communication skills, capable of articulating complex risk concepts to technical and non-technical audiences.
Meticulous, with an eye for identifying risks and gaps in vendor assessments.
Ability to work cross-functionally with various departments, balancing diverse perspectives and objectives.

Additional Preferred Skills
Hands-on experience with Cyber Risk Quantification (CRQ) to provide financial context to third-party risks.
Knowledge of emerging technologies and their associated risks, especially in AI and cloud computing.