Third-Party Risk Management Analyst - GRC

Saronic
Austin, TX Full Time
POSTED ON 4/17/2025
AVAILABLE BEFORE 6/16/2025

Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.


Job Overview


We are seeking a Third-Party Risk Management Analyst to join our growing Governance, Risk, and Compliance (GRC) team. In this role, you will be responsible for assessing, managing, and mitigating risks associated with third-party vendors, partners, and service providers. You will work closely with various business units, legal teams, and security experts to ensure compliance with internal policies, regulations, and industry standards. The ideal candidate will have experience in third-party risk management, strong analytical skills, and a keen understanding of cybersecurity and regulatory compliance frameworks.




Responsibilities
  • Third-Party Risk Assessment:
      • Lead comprehensive risk assessments of third-party vendors and service providers, including evaluating security, financial, operational, and reputational risks.
      • Perform due diligence reviews of third parties to assess their cybersecurity posture, business practices, and overall risk exposure.
      • Continuously monitor and assess third-party performance, identifying emerging risks and recommending mitigation strategies.

  • Regulatory Compliance:
      • Ensure that third-party relationships comply with relevant industry regulations, including GDPR, HIPAA, SOC 2, ISO 27001, and other data protection and security frameworks.
      • Assist in developing and maintaining processes and procedures to ensure ongoing compliance with regulations affecting third-party relationships.
      • Collaborate with internal teams to conduct periodic audits and assessments of third-party vendors.

  • Collaboration with Cross-Functional Teams:
      • Work closely with IT, Legal, Procurement, Compliance, and other departments to evaluate vendor contracts and service level agreements (SLAs) for risk exposure.
      • Assist in the creation of third-party risk management policies and procedures.

  • Risk Mitigation & Reporting:
      • Identify risks related to the introduction of third-party vendors and propose mitigation plans to reduce identified risks.
      • Track and report on third-party risk management activities, providing regular status updates to leadership.
      • Contribute to the development and execution of incident response plans related to third-party vendors in the event of a security breach or other critical issue.

  • Continuous Improvement:
      • Stay current with emerging trends, technologies, and regulations in third-party risk management and cybersecurity.
      • Proactively recommend improvements to enhance the third-party risk management framework.


Qualifications
  • Bachelor’s degree in Business, Information Security, Risk Management, or a related field (or equivalent experience).
  • At least 5-7 years of experience in third-party risk management, vendor management, or cybersecurity risk assessments.
  • Strong knowledge of industry standards and frameworks such as ISO 27001, SOC 2, GDPR, and NIST.
  • Hands-on experience in assessing and managing cybersecurity and compliance risks for third-party vendors.
  • Excellent analytical skills and ability to evaluate complex risk scenarios.
  • Strong written and verbal communication skills, with the ability to clearly articulate risk findings and mitigation strategies to senior leadership.
  • Proficiency with risk management tools and platforms.
  • Strong project management skills and the ability to manage multiple priorities simultaneously.

  • Preferred Qualifications:
      • Experience with CMMC (Cybersecurity Maturity Model Certification) and CUI (Controlled Unclassified Information) requirements.
      • Cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC), and Certified Third-Party Risk Professional (CTPRP).
      • Familiarity with supply chain risk management practices.
      • Experience with vendor lifecycle management and related legal and contract management processes.
      • Knowledge of risk management frameworks such as FAIR (Factor Analysis of Information Risk) or OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation).


Additional Skills & Competencies
  • Ability to think critically and proactively identify emerging risks.
  • Strong interpersonal skills and ability to work effectively across teams and with senior leadership.
  • Detail-oriented with strong organizational skills.
  • Ability to thrive in a fast-paced, dynamic environment.


Benefits
  • Medical Insurance: Comprehensive health insurance plans covering a range of services
      • Saronic pays 100% of the premium for employees and 80% for dependents
  • Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
      • Saronic pays 99% of the premium for employees and 80% for dependents
  • Time Off: Generous PTO and Holidays
  • Parental Leave: Paid maternity and paternity leave to support new parents
  • Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
  • Retirement Plan: 401(k) plan
  • Stock Options: Equity options to give employees a stake in the company’s success
  • Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
  • Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office 


Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.


