Third Party Risk Management Analyst

HireRight is the premier global background screening and workforce solutions provider. We bring clarity and confidence to vetting and hiring decisions through integrated, tailored solutions, driving a higher standard of accuracy in everything we do. Combining in-house talent, personalized services, and proprietary technology, we ensure the best candidate experience possible. PBSA accredited and based in Nashville, TN, we offer expertise from our regional centers across 200 countries and territories in The Americas, Europe, Asia, and the Middle East. Our commitment to get it right every time, everywhere, makes us the trusted partner of businesses and organizations worldwide.

This role reports to the Sr. Director, Information Security GRC focusing on Third-Party Risk Management. The Third-Party Risk Analyst is responsible for identifying, assessing, monitoring, and mitigating risks associated with third-party relationships. This role plays a critical part in safeguarding the organization from operational, regulatory, reputational, and strategic risks arising from vendors, suppliers, contractors, and other external partners. The analyst will support the development and execution of the third-party risk management framework, conduct due diligence assessments, monitor ongoing vendor performance, and ensure compliance with internal policies and regulatory requirements.

• Independently evaluates and analyzes issues or process improvement opportunities to mitigate risks and ensure alignment with the goals and objectives of the Corporate Compliance Program, clearly communicating findings and recommendations to management and other key stakeholders.
• Takes a lead role in conducting and documenting third-party risk assessments in accordance with internal policies.
• Track and monitor the progress of assessments, follow-ups, and remediation activities.
• Coordinate with internal stakeholders and vendors to gather necessary information.
• Maintain accurate records and status updates in risk management tools/systems.
• Contributes to various project requests from functional teams to increase operational efficiency, strengthen security/ IT environment, and help meet the company's internal and external regulatory or compliance requirements.
• Support reporting on assessment status and risk findings to management.

Education:

BS, BA in Information Technology, Computer Science or other related

Business/Technology/Analytical studies

Security+, CISA, CISM, ISO 27001 Lead Auditor, or similar certification a plus

Experience:

• 2-3 years experience in third-party risk assessment and remediation roles, including conducting comprehensive risk evaluations of vendors and service providers across various domains such as information security, data privacy, regulatory compliance, and operational resilience.
• Skilled in identifying risk exposures and working with vendors to develop and track effective remediation plans.
• Information security regulatory compliance experience with: NIST 800-53, NIST CSF, ISO 27001, SOC 2, or similar
• Skilled in analyzing regulatory and industry requirements and translating them into effective, actionable controls.
• Strong project management skills; Jira experience a plus.
• High degree of independence, exceptional work ethic with a team player attitude, and a solution-oriented mindset
• Familiarity with core IT and Information Security Technologies
• Exceptional interpersonal, written and oral communication skills.

Work location: Poland, Katowice.

In exchange for your expertise, HireRight offers an excellent employee benefit package which includes:

HireRight offers its employees a competitive salary, permanent contract and a comprehensive package of benefits. From day one you will receive a training plan to get you on board quickly. Additionally, we offer:

• Private Medical Care
• Edenred card
• Lunch Vouchers
• Paid Lunch Break (30 Minutes)
• Social Fund (Holiday Allowance, Glasses Voucher)
• Bonus Plans
• Group Life Insurance
• Career Path & Opportunities to Grow
• Professional Training 

Please submit resume/CV in English.

All resumes are held in confidence. Only candidates whose profiles closely match requirements will be contacted during this search.

HireRight does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of HireRight and HireRight will not be obligated to pay a placement fee.