Third-Party Risk Analyst
Robinson, Indiana County, Pennsylvania, 15949, USA
Listed on 2026-01-11
IT/Tech
Information Security, Cybersecurity
Join to apply for the Third-Party Risk Analyst role at PANTHERx Rare Pharmacy
Location: Pittsburgh, PA (Hybrid or Remote)
Classification: Exempt
Status: Full-Time
Reports to: Director, Information Security
Purpose: The Third-Party Risk Analyst is responsible for assessing, monitoring, and mitigating risks associated with third-party vendors and service providers. This role ensures that external partners comply with organizational security standards, regulatory requirements, and contractual obligations to protect sensitive data and maintain operational resilience.
Responsibilities:
- Vendor Risk Assessment: Conducts initial and ongoing risk assessments of third-party vendors, including security posture, compliance certifications, and contractual obligations. Reviews vendor responses to security questionnaires and identifies risks.
- Due Diligence & Onboarding: Collaborates with legal, compliance, and business owners to evaluate vendors during onboarding. Ensures vendors meet minimum security and compliance requirements before engagement.
- Monitoring & Reporting: Maintains a centralized inventory of third-party relationships and associated risk ratings. Monitors vendor performance and compliance through periodic assessments. Prepares reports and dashboards for leadership on third-party risk metrics and trends.
- Policy & Compliance: Ensures adherence to internal policies, regulatory frameworks (e.g., GDPR, HIPAA, SOC 2), and industry standards (e.g., ISO 27001, NIST). Assists in developing and updating third-party risk management policies and procedures.
- Incident Response: Supports investigations of security incidents involving third-party vendors. Coordinates remediation efforts and ensures timely resolution of identified issues.

- Bachelor’s degree in Information Security, Risk Management, or related field.
- Minimum of three (3) years of experience in vendor risk management, information security, or compliance.
- Familiarity with risk assessment methodologies and frameworks (e.g., SIG, CSA CAIQ).
- Strong analytical and problem-solving skills.
- Excellent communication and stakeholder management abilities.
- Proficiency with risk management tools and platforms (e.g., Archer, OneTrust, ServiceNow VRM).
- CTPRP (Certified Third Party Risk Professional), CRISC, or similar.
This job operates in a home office and professional office environment. When in-office this role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines, and communications via MS Teams.
Physical Demands: While performing the duties of this job, the employee is regularly required to sit, see, talk or hear. The employee frequently is required to stand; walk; use hands and fingers to handle or feel; and reach with hands and arms. Visual acuity is necessary for tasks such as reading, observing surroundings, and working with various forms of data on a screen.
Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions of the job.
Hybrid, remote and flexible on-site work schedules are available, based on the position. PANTHERx Rare Pharmacy also affords an excellent benefit package, including but not limited to medical, dental, vision, health savings and flexible spending accounts, 401K with employer matching, employer-paid life insurance and short/long term disability coverage, and an Employee Assistance Program. Generous paid time off is also available to all full-time employees, as well as limited paid time off for part-time employees.
Of course we offer paid holidays too!
PANTHERx Rare Pharmacy is an equal opportunity employer, and does not discriminate in recruiting, hiring, promotions or any term or condition of employment based on race, age, religion, gender, ethnicity, sexual orientation, gender identity, disability, protected veteran's status, or any other characteristic protected by federal, state or local laws.
Seniority level:
Mid-Senior level
Employment type:
Full-time
Job function:
Finance and Sales
Industries:
Pharmaceutical Manufacturing