HealthEquity, Inc.

Sr Third Party Risk Analyst (TPRM)

HealthEquity, Inc.$87K — $111K *
US-AnywhereRemote in United States
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related technical field.
  • 5+ years of combined experience in information security or cybersecurity roles.
  • 2-5 years of hands-on cybersecurity experience, ideally in financial services or healthcare.
  • Strong understanding of security and AI control frameworks, such as NIST CSF and ISO 42001.
  • Proficiency with TPRM/GRC platforms like Vanta or ServiceNow.

Responsibilities

  • Conduct risk assessments for critical third-party entities including cloud providers and SaaS platforms.
  • Identify and remediate control gaps and security risks throughout the assessment lifecycle.
  • Stay ahead of emerging risks, especially in AI and regulatory changes.
  • Collaborate with cross-functional teams to manage third-party risk holistically.
  • Develop key risk and performance metrics to track TPRM program progress.
  • Automate repetitive processes, leveraging AI for efficiency.
  • Evaluate AI-enabled tools to enhance risk clarity and scalability.

Benefits

  • Medical, dental, and vision coverage
  • HSA contribution and match
  • Uncapped paid time off
  • Paid parental leave
  • 401(k) match
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
Full Job Description
Overview

How you can make a difference

 

At HealthEquity, we’re obsessed with protecting what matters most: our members’ health and financial wellbeing. As a Senior Third Party Risk Analyst, you’ll play a critical role in ensuring the security, resilience, and integrity of the partners and technologies powering our platform.

 

This is more than a compliance role. You’ll be at the intersection of cybersecurity, emerging AI risk, and operational excellence, helping evolve our Third Party Risk Management (TPRM) program to meet the pace of a fast‑moving, highly regulated environment. If you enjoy solving complex problems, improving systems through automation, and making meaningful impact at scale — this role was built for you.

 

What you’ll be doing 

  • Conduct risk assessments for critical and operationally significant third‑party entities, including cloud service providers, SaaS platforms, technology partners, and infrastructure providers.
  • Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle.
  • Stay ahead of emerging risks, including generative and agentic AI, and evolving regulatory expectations across financial services and healthcare.
  • Partner closely with cross‑functional teams such as Procurement, Legal, Privacy, Security, AI Governance, and vendor business owners to manage third‑party risk holistically.
  • Develop and maintain key risk and performance metrics that demonstrate progress and maturity within the TPRM program.
  • Lead efforts to automate repetitive and high‑volume processes, leveraging advancements in AI to increase efficiency, quality, and speed.
  • Introduce and evaluate AI‑enabled tools to enhance risk clarity, improve signal‑to‑noise, and scale the program responsibly.
  • Support other TPRM and governance activities as needed, contributing to a culture of continuous improvement. 

What you will need to be successful

  • Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related technical field.
  • 5+ years of combined experience in information security, cybersecurity, or technical/analytical roles.
  • Experience operating in fast‑paced, high‑accountability environments where prioritization and time sensitivity matter.
  • 2–5 years of hands‑on cybersecurity experience, ideally within financial services or healthcare.
  • Strong understanding of security and AI control frameworks, such as:
    • NIST Cybersecurity Framework (CSF)
    • NIST AI Risk Management Framework (AI RMF)
    • ISO 42001
  • Prior experience with TPRM / GRC platforms, including tools such as Vanta, Archer, or ServiceNow.
  • Familiarity with cybersecurity risk rating services (e.g., RiskRecon, SecurityScorecard, BitSight).
  • Working knowledge of audits, regulatory exams, and attestations, including SOC 2 Type II, ISO 27001, HITRUST, and similar frameworks.
  • Ability to review and interpret technical evidence demonstrating cybersecurity validation and compliance (e.g., SCA, SAST, DAST, penetration testing).
  • Excellent written and verbal communication skills, with the ability to translate between technical and non‑technical audiences.
  • Experience reviewing technical policies and contributing to standard operating procedures.
  • Strong command of the Microsoft ecosystem, including PowerPoint, Excel, Word, SharePoint, and Power BI.
  • Demonstrated ability to use AI solutions securely and effectively, such as Microsoft Copilot, Gemini, Anthropic, or ChatGPT, to improve workflows and outcomes.
  • One or more cybersecurity certifications, such as CISSP, CISA, CISM, CRISC, or equivalent.
  • Demonstrated understanding of cybersecurity and AI governance frameworks, including NIST CSF and NIST AI RMF.

 

#LI-Remote

This is a remote position.

Salary Range$87,500.00 To $111,500.00 / year Benefits & Perks

The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Uncapped paid time off
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives

 

Onboarding & Travel

This is a remote role, with an in-person onboarding training component. New team members must participate in Trailhead, HealthEquity’s immersive onboarding experience Trailhead is designed to foster meaningful connections, support your integration into the organization, and equip you with a strong understanding of our business. Trailhead participation is a key expectation of this role. Trailhead is held onsite at our headquarters once per quarter. HealthEquity covers all required travel and accommodations. 

 

This role may begin with a virtual, self-paced onboarding experience, followed by a mandatory onsite Trailhead session at a later date.

About HealthEquity, Inc.

HealthEquity, Inc. is a leading provider of consumer-directed benefits solutions. The company's platform provides a range of tax-advantaged financial solutions for consumers to save for their healthcare and other financial goals. HealthEquity's solutions include health savings accounts (HSAs), flexible spending accounts (FSAs), health reimbursement arrangements (HRAs), and other financial wellness products. The company serves more than 12 million accounts and has over $12 billion in assets under management. HealthEquity was founded in 2002 and is headquartered in Draper, Utah.
Learn more about HealthEquity, Inc.
Size
3,688 employees
Market Cap
$5.1 billion
Industry
Net Income
$3.2 million
Founded
2002
5 Year Trend
+33.5%
Revenue
$746.6 million
NASDAQ

Similar Jobs

More Jobs at HealthEquity, Inc.

More Finance & Insurance Jobs

Find similar Sr Third Party Risk Analyst (TPRM) jobs: