Third Party Cyber Risk Analyst

Job in Springfield, Hampden County, Massachusetts, 01119, USA
Listing for: Farm Credit Financial Partners, Inc.
Full Time position
Listed on 2026-03-12
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Business Analyst
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly

Overview

POSITION SUMMARY: The Third Party Cyber Risk Analyst supports and enhances the organization’s Third-Party Risk Management (TPRM) program. This role is responsible for assessing cybersecurity, privacy, operational, and compliance risks associated with vendors and other third parties throughout the vendor's lifecycle. The Analyst partners closely with Information Security, Legal, Procurement, and business stakeholders to evaluate vendor controls, review contract language, monitor risks, and ensure the organization’s standards and regulatory requirements are met prior to onboarding and throughout the duration of the relationship.

This role requires strong analytical skills, the ability to interpret technical and contractual information, and the ability to collaborate with geographically dispersed teams and vendor representatives.

Responsibilities
  • Conduct risk assessments with a focus on cybersecurity for new and existing vendors.
  • Evaluate vendors’ security posture, including access controls, encryption, vulnerability management, incident response, and business continuity practices as well as financial stability.
  • Review SOC 1/SOC 2 reports, ISO certifications, penetration test summaries, and security questionnaires.
  • Assess risks related to data privacy, cloud environments, and critical system integrations.
  • Identify control gaps and recommend practical risk mitigation strategies.
  • Perform inherent and residual risk scoring and maintain updated vendor risk profiles.
  • Review vendor contracts to ensure appropriate cybersecurity and risk protections are included, such as information security and data protection clauses, breach notification requirements, right-to-audit provisions, business continuity and disaster recovery commitments, subprocessor and fourth-party oversight language, and indemnification and liability protections.
  • Partner with Legal and Procurement to negotiate risk-aligned contract provisions.
  • Ensure contractual obligations align with internal cybersecurity policies and regulatory expectations.
  • Maintain vendor risk inventories, exceptions, and remediation plans within the vendor risk management system.
  • Track, monitor, and report on open issues, remediation progress, and changes in vendor risk posture.
  • Support continuous monitoring activities for critical and high-risk vendors.
  • Contribute to the maturity of the TPRM program, including enhancing processes, procedures, workflows, templates, and reporting on third-party cyber risk posture for leadership and risk committees.
  • Support updates to TPRM policies, standards, and assessment methodologies.
  • Participate in internal projects aimed at improving vendor management practices across the organization.
  • Partner with internal teams—including Legal, Procurement, Information Security, and business units—to ensure coordinated and effective vendor risk oversight.
  • Communicate assessment results and recommendations to both technical and non-technical stakeholders.
  • Build and maintain strong working relationships with internal partners and third-party vendors.
  • Other related duties as assigned.
Requirements

Minimum Knowledge and Education Requirements
  • Bachelor’s Degree in information/data security, business or related field.
  • Typically, 5 or more years of related industry experience.
  • Experience in information/cyber security risk management, auditing, assessment and/or compliance; as well as related experience in purchasing (RFI/RFP), contracts (review), and project management is preferred.
  • Knowledge of industry authoritative sources such as NIST, COBIT, SOC2, CSF, and ISO standards is preferred.
  • Experience with TPRM or GRC platforms.
Skills And Competencies
  • Strong analytical, risk evaluation, and problem-solving skills.
  • Ability to interpret technical controls and contractual language and translate them into business impacts.
  • Strong verbal and written communication skills, including the ability to articulate risk to non-technical audiences.
  • Ability to manage multiple assignments and deadlines in a fast-paced environment.
  • Demonstrated capacity to work independently and lead work processes.
  • Strong program management, documentation, and organizational skills.
  • Ability to collaborate…