Third Party Risk Analyst

Who are we?

UpGuard’s mission is to protect the world’s data. We obsessively seek out elegant, robust ways to enable our customers to find, acknowledge, and remediate cyber risk. With UpGuard, organizations leverage our security expertise and software to automate what was once laborious, spreadsheet-driven processes–whether it's monitoring the attack surface of hundreds of vendors or assessing the security of their own infrastructure. UpGuard is used by some of the world’s largest, fastest-growing, and most innovative companies. 

We have a rapidly growing customer base at UpGuard, but one thing has remained the same, our customers always come first! Our Success team is determined to help solve the needs and challenges that our customers face on a daily basis. We consistently think outside the box to find new ways to help our customers thrive throughout their journeys with UpGuard. We’re on the lookout for individuals who have a passion for helping others, fixing problems, and building long-lasting relationships with new customers. You will also have a commercial mindset to identify opportunities to expand our customer accounts and elevate adoption of our products to new heights. 

Why are we hiring this role?

We are expanding our third-party security managed service, where we write Risk Assessments on vendors for our customers, and we’re scaling this offering to meet growing demand. To support this growth and the introduction of new professional services expertise, we’re seeking a Third-Party Risk Analyst to join our team.

In this role, you will:

.Collaborate closely with customers to identify, measure, and manage third-party risks.

.Translate complex technical findings into clear, actionable risk assessment reports.

.Help scope, price, and deliver customized solutions that meet each customer’s unique requirements.

.Stay up to date with industry standards and emerging risks, driving continuous improvement in our third-party risk management offerings.

We’re looking for a customer-focused individual with a keen eye for detail, strong communication skills, and a passion for simplifying complex concepts. If you thrive on tackling challenges and want to shape the future of risk management.

Please be aware that some flexibility with working hours will be necessary for this position to align with our US team members' schedules.

What will you do?

• Translate complex and technical aspects into reports that the business can easily understand.

• Partner with customers to identify, measure, and manage third-party risks and controls.

• Assist with standardized reports, templates, and scorecards to inform customers of third-party risks.

• Collaborate with sales, customer success, and other internal teams to understand and address the changing needs of our customers.

• Develop and maintain a working knowledge of emerging financial, operational, third-party, and regulatory/compliance-related information to contribute to the continuous improvement of the third-party risk management offering.

• Support the execution of professional services projects, ensuring high-quality deliverables and alignment with customer expectations.

What will you bring?

• Strong knowledge of relevant security frameworks, standards, and US-specific requirements and laws (e.g., ISO 27001, PCI DSS, NIST CSF, HIPAA, etc.).

• Thorough understanding of cybersecurity risk management principles.

• 2-3+ years of experience in Risk Management, Third Party Risk, Auditing, Consulting, or equivalent roles, ideally within professional services environments.

• Familiarity with Third Party Risk Management practices, including the lifecycle of risk identification, treatment, mitigation, acceptance, and remediation, as well as inherent and residual risks.

• Proven ability to write Risk Assessments.

• Exceptional written and verbal communication skills, with a talent for articulating technical concepts and customer challenges in a clear, concise manner.

• Strong customer service skills for building and maintaining relationships with customers.

• Ability to juggle multiple priorities, manage timelines, and deliver results in a fast-paced environment.

What will give you an edge?

• Bachelor’s Degree in Information Technology, Systems, or a related field.

• Relevant professional certifications, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Regulatory Vendor Program Manager (CRVPM), Certified Third Party Risk Professional (CTPRP)

• Demonstrated experience performing Third Party Security Risk Assessments.

• A strong interest in and knowledge of cybersecurity and emerging risks.

What's in it for you?

• Monthly Lifestyle subsidy: use this for financial, physical and mental wellbeing (all regions)

• WFH set-up allowance: to ensure you have the right environment to work in, we will help you get set up within your first 3 months at UpGuard (all regions)

• $1500 USD annual Learning & Development allowance: to support your career development all team members will be able to expense development opportunities against this allowance (all regions)

• Generous Annual Leave/PTO allowances: time to recharge your batteries (all regions)

• 18 weeks paid Parental Leave: irrespective of parenting role (all regions)

• Personal Leave allowance: this includes sick & carer’s leave (all regions)

• Fully remote working environment: whilst we have physical offices in Sydney & Hobart, we do not mandate compulsory attendance (all regions)

• Top-spec hardware: all team members will be provided with top-spec laptops for their role (all regions)

• Personal device security & online privacy protection subsidy: UpGuard provides team members with a paid subscription to personal device security & online privacy protection platform (all regions)

• Generative AI subsidy: UpGuard provides paid subscriptions for all team members to access generative AI tools to support their work (all regions)

#LI-BW1

UpGuard is a Certified Great Place to Work® in the US, Australia, UK and India, establishing its position as a leading global technology employer. 99% of team members agree that UpGuard is a great place to work, apply now to find out why!

As an Equal Employment Opportunity and Affirmative Action Employer, qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

For applications to positions in the United States, please note, at this time we can only support hiring in the following US states: CA, MD, MA, IL, OR, WA, CO, TX, FL, PA, LA, MO, or DC. 

Before starting work with us, you will need to undertake a national police history check and reference checks. Also please note that at this time, we cannot support candidates requiring visa sponsorship or relocation.