OneTrust

Senior Security Third Party Risk (TPRM) Analyst

OneTrust$104K — $156K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • BA/BS in Computer Science, Cybersecurity, Information Assurance, or related field
  • 5+ years of hands-on experience in cybersecurity/risk management
  • Experience reviewing SOC 1, SOC 2 reports & ISO 27001 certifications
  • Familiarity with GDPR, CCPA, PCI-DSS, SOC 2, ISO, and FedRAMP
  • Knowledge of cloud services in at least one provider

Responsibilities

  • Collaborate with IT and InfoSec teams for process improvement
  • Review vendor due diligence and security documentation
  • Evaluate supplier control environments based on risk management standards
  • Document risk findings and share recommendations with stakeholders
  • Mentor Junior Security Analysts and assist with security incidents
  • Generate and deliver relevant KPIs and metrics
  • Provide insights to enhance team processes and capabilities

Benefits

  • Comprehensive healthcare coverage
  • Flexible PTO
  • Equity RSUs and annual performance bonus opportunities
  • Retirement account support
  • 14+ weeks of paid parental leave
  • Company-paid privacy certification exam fees
  • Career development opportunities
Full Job Description
The Challenge

We are looking for a dynamic Senior Information Security GRC Analyst to support IT and InfoSec by performing various governance, risk, and compliance activities as part of the OneTrust InfoSec GRC team.
Your Mission

This role will support InfoSec by performing various governance, risk, and compliance activities as part of the OneTrust InfoSec GRC team. In addition, this role will collaborate with architecture, legal, compliance, and privacy as part of our TPRM (Third Party Risk Management) process. This role will help review risk assessments for customers/vendors, data flow diagrams, architecture diagrams, certifications, questionnaires, etc.
You Are

This a team player who can work well within the GRC team.
  • Collaborate with IT, InfoSec, and within the GRC team to mature the compliance process
  • Review vendor due diligence documentation, including SOC reports, ISO certifications, penetration testing reports, policies, and security questionnaires.
  • Evaluate supplier control environments against established risk management standards and frameworks.
  • Document risk findings and communicate recommendations to business stakeholders.
  • Execute risk assessments of third-party vendors
  • Mentor Junior Security Analysts, and work with them to evaluate and remediate complex security incidents
  • Responsible for generation and continued delivery of relevant KPIs and metrics
  • Provide feedback on solutions and processes to mature overall capabilities
  • Impart expertise on the OneTrust environment and security best practices to others on the team
  • BA/BS in Computer Science, Cybersecurity, Information assurance or related subject
You Experience Includes
  • 5+ years, hands on experience in cybersecurity/risk management
  • Experience reviewing SOC 1, SOC 2 reports & ISO 27001 certifications
  • Experience reviewing security questionnaires, business continuity and disaster recovery plans as well as vendor contracts and security requirements
  • Understanding of information security best practices around confidentiality, integrity and availability
  • Cloud experience in at least one cloud provider
  • Understanding of applicable laws and regulations, including but not limited to, GDPR, CCPA, PCI-DSS, SOC 2, ISO, and FedRAMP
  • Understanding of the standards for the processing practice of third-party management
  • Understanding of technology domains including governance, risk management, security, privacy, and information technology and business continuity
Preferred Experience
  • Certifications: CRISC, Security+, CISSP, CISM, CCSP, CISA, Azure
  • Knowledge of OneTrust security/GRC products.


For California, Colorado, Connecticut, Nevada, New York, Rhode Island, and Washington-based candidates: the annual base pay range for this role is listed below. Within this range, individual pay is determined by several factors, including location, job-related skills, work experience, and relevant education and/or training. This role may also be eligible for discretionary bonuses, equity, and/or commissions, as well as benefits.

Salary Range

$104,325-$156,488 USD

Where we Work

We are embracing an office-first culture, encouraging three days a week in office for most roles, with meaningful opportunities to collaborate and celebrate in person.

Each role may have specific requirements or flexibility depending on the scope of the position, so we encourage you to verify this with your recruiter during your first interview.
Benefits

As an employee at OneTrust, you will be part of the OneTeam. That means you'll receive support physically, mentally, and emotionally so that you can do your best work both in and out of the office. This includes comprehensive healthcare coverage, flexible PTO, equity RSUs, annual performance bonus opportunities, retirement account support, 14+ weeks of paid parental leave, career development opportunities, company-paid privacy certification exam fees, and much more. Specific benefits differ by country. For more information, talk to your recruiter or visit onetrust.com/careers.
Resources

Check out the following to learn more about OneTrust and its people:
Your Data

You have the right to have your personal data updated or removed. You also have the right to have a copy of the information OneTrust holds about you. Further details about these rights are available on the website in our Privacy OverviewYou can change your mind at any time and have your personal data removed from our database. In order to do this you must contact us and let us know you wish to be removed. The request should be made on the Data Subject Request Form.

Recruitment fraud warning: OneTrust is aware of scams involving false offers of employment with our company. The fraudulent jobs, interviews and job offers use fake websites, email addresses, group chat and text messages. Be aware that we never ask candidates for personal information, IDs or bank information during the interview process. We do not interview prospective candidates via instant message or group chat, and do not require candidates to purchase products or services, or process payments on our behalf as a condition of any employment offer. Please note that any legitimate interview availability requests will come directly from a OneTrust recruiter with an "@onetrust.com" email address. You may also receive legitimate emails from "@us.greenhouse-mail.io". Recruiters will only reach out to candidates who have applied for a role through our ATS (Greenhouse) or prospects via LinkedIn InMail. Job offers will come from a recruiter and may have a "@docusign.net" email address. For more information or if you have been targeted please reach out to [email protected].

About OneTrust

OneTrust is a software company that provides a platform for privacy, security, and data governance. The company's platform helps organizations comply with global regulations such as GDPR, CCPA, and LGPD. OneTrust's products include privacy management, third-party risk management, consent management, incident and breach response, and data mapping. The company was founded in 2016 and is headquartered in Atlanta, Georgia. OneTrust has over 10,000 customers, including half of the Fortune 500 companies.
Learn more about OneTrust
Size
1,500 employees
Industry
Founded
2016

Similar Jobs

More Jobs at OneTrust

More Information Technology Jobs

Find similar Senior Security Third Party Risk (TPRM) Analyst jobs: