Rapid7 is seeking an experienced, self-motivated, and strategic Third Party Senior Risk Analyst to revamp and grow our Third Party Risk Program. This will be a trusted strategic advisor within the Information Security team, and work alongside Senior Leadership to develop and establish an industry best practice TPRM program. The ideal candidate will effectively collaborate with stakeholders in Procurement, IT, Legal, and others across the organization to drive a global program that effectively manages the risk assessment and due diligence processes, both at on-boarding and throughout the lifecycle of third-parties.
The Team:
Rapid7's Trust & Security Governance team functions within the Information Security department and plays a crucial role in supporting the organization's mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, identifying and managing security risk, distributing foundational security expertise across every department to create an exceptional security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, Procurement, and many other teams at Rapid7.
In this role you will:
- Develop and Manage the end-to-end Third-Party Risk Management Program within Rapid7 which includes managing business, security, compliance, and contractual risks associated with working with third-parties.
- Administer and manage the distribution of due diligence questionnaires to the suppliers, review submitted questionnaires for completeness, ensure Risk stakeholders finalize reviews and determine overall residual risk rating.
- Partner with business Stakeholders, including Senior Leadership, Third-party vendors and Subject Matter Experts (security, compliance, legal, etc.) to ensure programs and processes are successfully executed.
- Partner with a cross functional team supporting pre- and post-contract supplier due diligence efforts including inherent risk triage, administration of appropriate security assessments, continuous monitoring and issue management/remediation and escalation.
- Manage a consistently growing portfolio of vendors to help maintain visibility into the risk landscape of the organization's most critical third parties.
- Identify, prioritize and pursue opportunities to enhance and streamline Rapid7's TPRM processes.
- Contribute to the development of detailed procedural documents and ensure alignment of TPRM with applicable regulatory requirements globally.
- Review contracts identifying and making sure that requirements relevant to Rapid7 are properly addressed by Rapid7 vendors.
- Help to monitor and attend during 3rd Party Breaches.
In return you will bring:
- 5+ years of relevant Third Party Risk management experience.
- Experience with third-Party Risk tools. Experience with OneTrust is a plus.
- Excellent written and verbal communication skills, with focus on producing reports and documentation that will be presented to senior management, internal audit, and regulators.
- Proven ability to operate effectively in a fast-paced, entrepreneurial company in which cross-functional teamwork and initiative is a must.
- Knowledge of risk management governance standards and other standardized practices for 3rd Party Risk Management (e.g. Shared Information Gathering).
- Bachelors in Business Administration, Finance, Economics, Computer Science or related fields.
- CTPRP (Certified Third Party Risk Professional) is a plus.
- Experience with 3rd Party Risk intelligence tools is a plus.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.