IT Security Analyst overseeing internal audits, security assessments, and compliance for CMC’s IT operations. Engaging in risk management and policy development while collaborating with cross - functional teams.
TI
Hybrid Cybersecurity Analyst, Third-Party Risk & Technology Governance
Posted 2 months ago
About the role
- Cybersecurity Analyst at Trimble managing third-party cybersecurity risks and optimizing risk management processes with a focus on automation and AI security. Collaborating on assessments related to vendors and technologies.
Responsibilities
- Lead comprehensive cybersecurity risk assessments for new and existing vendors, partners, and suppliers.
- Analyze and validate vendor security documentation, including SOC 2, ISO 27001 certifications, and security questionnaires (SIG/CAIQ).
- Evaluate vendor control environments, specializing in cloud infrastructure (AWS, Azure, GCP), application security (OWASP Top 10), and data protection.
- Clearly articulate and document technical risks for both technical teams and senior business stakeholders.
- Collaborate with Legal and Procurement to develop, track, and enforce vendor risk remediation plans.
- Drive efficiency and consistency by analyzing and optimizing the end-to-end Third-Party Risk Management (TPRM) lifecycle.
- Design and implement automated workflows within our Governance, Risk, and Compliance (GRC) platform.
- Define, track, and report Key Performance Indicators (KPIs) and metrics to measure TPRM program health and effectiveness.
- Maintain core program documentation, including Standard Operating Procedures (SOPs) and assessment methodologies.
- Conduct specialized AI vendor security evaluations covering critical domains such as model integrity, data privacy, and adversarial attack resistance.
- Provide guidance on the secure and responsible adoption of third-party AI technologies to internal teams.
- Stay current with evolving AI regulatory frameworks (e.g., NIST AI RMF, EU AI Act) and emerging security threats.
- Leverage AI solutions to automate dynamic risk management and continuous testing of vendor controls.
Requirements
- 3 years of experience in an information security, IT audit, or technology risk management role.
- At least 2 years of direct, hands-on experience in Third-Party Risk Management (TPRM).
- Proven ability to analyze and streamline complex processes, with a track record of implementing successful improvements.
- Strong technical knowledge of core cybersecurity domains, including cloud security, network security, identity and access management (IAM), and encryption.
- Demonstrated experience interpreting security reports and assessing the effectiveness of technical controls.
- A strong interest in and foundational understanding of AI/ML technologies and their unique security challenges.
- Excellent analytical skills, with the ability to think critically and solve problems independently.
- Strong written and verbal communication skills, capable of engaging with a wide range of audiences.
- Hands-on experience with TPRM platforms.
Benefits
- Health insurance
- Professional development opportunities
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Specialist in PingFederate, PingDirectory and PingID for IAM infrastructure management. Collaborating with teams for stable operation and development in Cotia.
Cyber Security Analyst in the Core IP/DDoS Security team at Vodafone. Ensuring real - time threat mitigation and incident response for DDoS attacks.
Senior Security Analyst developing and implementing security strategies for logistics operations. Focus on risk assessment, staff training, and policy compliance.
Security Analyst managing vulnerability management for PostFinance. Overseeing patching and security issues to ensure system stability.
IT Security Analyst supporting the Supreme Court of Nevada in safeguarding judicial information systems. Implementing security controls, maintaining compliance, and conducting security assessments in a collaborative environment.
Information Security Analyst SME protecting information assets by designing and maintaining security policies. Ensuring compliance with security standards in a tech services company focused on digital transformation.
Vulnerability Analyst role in BGS supporting government clients. Conduct vulnerability assessments and enhance cybersecurity protocols for effective mitigation strategies.
Analyst of Information Security focusing on Governance and Project Risk Analysis in software development. Join a dynamic team collaborating on security in tech projects.
Cybersecurity Analyst responsible for protecting corporate environments and managing security incidents. Collaborating with IT teams and providing strategic security communications.