ST
Third-Party Risk Analyst
full-time•New York•$100k - $120k
About this role
The Third-Party Security Analyst will play a key role in supporting the Third-Party Security Team in both the development and execution of the firm’s Third-party Security Program. This includes identifying, assessing, monitoring, and mitigating risks associated with vendors, suppliers, and service providers across the globe as well as supporting strategic program initiatives.
The ideal candidate is an experienced information security or risk management professional with a background in third-party assessment execution, IT Risk management or IT Audit. The candidate should possess strong analytical skills, attention to detail, and the ability to collaborate cross-functionally with legal, Vendor Management Office, and IT security teams. Strong communication and interpersonal skills are required to effectively engage with third parties.
Essential Job Duties & Responsibilities
Conduct information security due diligence during vendor onboarding, at renewal, and periodic review cycles.
Apply a risk-based approach to third party security assessments, including documenting compensating controls and risks acceptances where appropriate.
Maintain comprehensive vendor inventory, including vendor profiling and Inherent Risk determination.
Maintain a third-party risk register and track mitigation efforts for identified security risks.
Develop and implement strategies to mitigate identified risks, working closely with third parties and internal stakeholders to address security gaps.
Support a continuous monitoring program to assess third-party security posture and follow up on identified vulnerabilities and security risks.
Partner with general counsel and vendor management to incorporate information security requirements into third-party contracts.
Work with internal security teams to investigate and respond to third-party related security incidents.
Support and enhance escalation procedures and remediation requirements related to third-party security breaches.
Prepare and present third party risk metrics, dashboards, trends, and highlighted risks to senior management and IT leadership.
Contribute to the continuous improvement and scalability of the Firm’s third party security risk management program.
Education
Required
Bachelor’s degree or related experience required
Preferred
Professional certifications, such as CISSP, CRISC, CISM, CISA, ISO 27001 Lead Auditor/Implementor.
Skills and Experience
Required
5 years of experience in information security, third-party risk management, IT risk, or cybersecurity assurance, with at least 3 years focused on third party risk management.
Experience conducting information security risk assessments of third-parties, vendors, and service providers.
Strong understanding of information security controls and frameworks (ISO 27001/27002, NIST CSF, CIS Controls, etc.)
Familiarity with third-party security domains, including data protection, access controls, incident response and cloud security.
Ability to assess third-party responses to security questionnaires, and analyze security documentation, audit reports, vulnerability scans, and penetration test results to identify control gaps and remediation requirements.
Ability to prioritize third party security risks based on inherent risk, business criticality, and compensating controls.
Experience producing clear risk summaries, remediation recommendations, and executive level reporting
Familiarity with information security and data protections requirements in third party contracts.
Strong communication and negotiation skills to work effectively with internal and external stakeholders.
Ability to work independently and collaboratively in a team environment
Demonstrated ability to handle sensitive and/or confidential material and information with suitable discretion.
Preferred
Experience developing processes aligned with the third-party risk management lifecycle.
Familiarity with information security considerations for vendors leveraging AI or providing AI centric solutions.
Salary Information
NY Only: The estimated base salary range for this position is $100,000 to $120,000 at the time of posting.
The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt meaning it is not overtime pay eligible.
Simpson Thacher will not sponsor applicants for work visas for this position.
Privacy Notice
For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.
Simpson Thacher & Bartlett is committed to a collegial work environment in which all individuals are treated with respect and dignity. The Firm prohibits discrimination or harassment based upon race, color, religion, gender, gender identity or expression, age, national origin, citizenship status, disability, marital or partnership status, sexual orientation, veteran’s status or any other legally protected status. This Policy pertains to every aspect of an individual’s relationship with the Firm, including but not limited to recruitment, hiring, compensation, benefits, training and development, promotion, transfer, discipline, termination, and all other privileges, terms and conditions of employment.
#LI-HybridWhat you'll do
- The Third-Party Security Analyst will support the Third-Party Security Team in developing and executing the firm's Third-party Security Program. Responsibilities include conducting security assessments, maintaining vendor inventories, and developing risk mitigation strategies.
About Simpson Thacher & Bartlett LLP
Simpson Thacher & Bartlett LLP is one of the world’s leading international law firms. The Firm was established in 1884 and has approximately 2000 lawyers. Headquartered in New York with offices in Beijing, Boston, Brussels, Hong Kong, Houston, London, Los Angeles, Luxembourg, Palo Alto, San Francisco, São Paulo, Tokyo and Washington, D.C., the Firm provides coordinated legal advice and transactional capability to clients around the globe.
This website contains attorney advertising. Prior results do not guarantee a similar outcome.
Ready to join Simpson Thacher & Bartlett LLP?
Take the next step in your career journey
Frequently Asked Questions
What does Simpson Thacher & Bartlett LLP pay for a Third-Party Risk Analyst?
Simpson Thacher & Bartlett LLP offers a competitive compensation package for the Third-Party Risk Analyst role. The salary range is USD 100k - 120k per year. Apply through Clera to learn more about the full compensation details.
What does a Third-Party Risk Analyst do at Simpson Thacher & Bartlett LLP?
As a Third-Party Risk Analyst at Simpson Thacher & Bartlett LLP, you will: the Third-Party Security Analyst will support the Third-Party Security Team in developing and executing the firm's Third-party Security Program. Responsibilities include conducting security assessments, maintaining vendor inventories, and developing risk mitigation strategies..
Is the Third-Party Risk Analyst position at Simpson Thacher & Bartlett LLP remote?
The Third-Party Risk Analyst position at Simpson Thacher & Bartlett LLP is based in New York, United States. Contact the company through Clera for specific work arrangement details.
How do I apply for the Third-Party Risk Analyst position at Simpson Thacher & Bartlett LLP?
You can apply for the Third-Party Risk Analyst position at Simpson Thacher & Bartlett LLP directly through Clera. Click the "Apply Now" button above to start your application. Clera's AI-powered platform will help match your profile with this opportunity and guide you through the application process.