The Senior Cybersecurity Risk Analyst is responsible for executing third-party and supplier risk activities across the vendor lifecycle and contributing to enterprise risk register operations across the Danaher operating companies. This role offers opportunities to work at the intersection of cyber risk, supply-chain integrity, and enterprise risk reporting across a global, multi-operating-company environment.
This position is part of the Corporate Information Security and will be located as Remote.
In this role, you will have the opportunity to: - Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review, scoring, and final risk decisioning under the direction of the TPRM Lead
- Review and provide cybersecurity input on third-party contracts (IS Terms & Conditions, Data Protection Addenda, Standard Contractual Clauses, AI-specific addenda), partnering with Legal, Privacy, and Procurement to land defensible positions and consistent redlines
- Assess supply-chain and geopolitical risk (including country-of-origin and concentration concerns) and apply AI vendor risk frameworks (NIST AI RMF, ISO/IEC 42001) to AI-enabled products and services in the vendor portfolio
- Serve as the connective tissue between central TPRM and the OpCo 3rd-Party Questionnaire & Response Coordinators, providing guidance on intake, scoring consistency, escalation paths, and Procurement engagement so vendor risk is handled the same way across the portfolio
- Contribute to enterprise risk register operations and data quality, including consistent risk capture, cross-OpCo aggregation, and executive-grade reporting that informs the OpCo QBR and CISO updates
The essential requirements of the job include: - Strong working knowledge of third-party risk management frameworks and methodologies (e.g., Shared Assessments SIG, NIST SP 800-161, ISO/IEC 27036) and the underlying security and privacy regulatory landscape (GDPR, HIPAA, PCI DSS, SOX)
- Demonstrated experience administering vendor security questionnaires, reviewing evidence (SOC 2, ISO 27001, penetration test reports), applying scoring consistently at scale, and communicating findings to vendors and internal stakeholders
- Working familiarity with the cybersecurity provisions in vendor contracts (IS Terms & Conditions, Data Protection Addenda, Standard Contractual Clauses) and the ability to coordinate redlines with Legal, Privacy, and Procurement.
- Hands-on experience operating an enterprise or program-level risk register, with attention to data quality, aggregation methodology, and reporting fluency for executive audiences.
- 7+ years of experience in third-party risk, enterprise risk management, vendor security, or related governance work.
It would be a plus if you also possess previous experience in: - Experience applying AI vendor risk frameworks such as NIST AI RMF and ISO/IEC 42001, and assessing supply-chain and geopolitical concentration risk including country-of-origin scrutiny.
- Familiarity with GRC platforms (e.g., OneTrust, ServiceNow IRM, RSA Archer) and vendor risk tooling, along with excellent written and verbal communication skills and proven experience influencing stakeholders at all organizational levels, including senior leadership.
At Danaher we believe in designing a better, more sustainable workforce. We recognize the benefits of flexible, remote working arrangements for eligible roles and are committed to providing enriching careers, no matter the work arrangement. This position is eligible for a remote work arrangement in which you can work remotely from your home. Additional information about this remote work arrangement will be provided by your interview team. Explore the flexibility and challenge that working for Danaher can provide.
The salary range for this role is $130K-$160K. This is the range that we in good faith believe is the range of possible compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range. This range may be modified in the future.
This job is also eligible for bonus/incentive pay. #LI-Remote
We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance and 401(k) to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.
