Information Security Analyst (Third Party Risk Management, CTPRP/CISA/CRISC)
Overview
About Arctera
Arctera keeps the world’s IT systems working. We can trust that our credit cards will work at the store, that power will be routed to our homes and that factories will produce our medications because those companies themselves trust Arctera.
Arctera is behind the scenes making sure that many of the biggest organizations in the world – and many of the smallest too – can face down ransomware attacks, natural disasters and compliance challenges without missing a beat. We do this through the power of data and our flagship products, Insight, InfoScale and Backup Exec.
Illuminating data also helps our customers maintain personal privacy, reduce the environmental impact of data storage, and defend against illegal or immoral use of information.
It’s a task that continues to get more complex as data volumes surge. Every day, the world produces more data than it ever has before. And global digital transformation – and the arrival of the age of AI – has set the course for a new explosion in data creation.
Joining the Arctera team, you’ll be part of a group innovating to harness the opportunity of the latest technologies to protect the world’s critical infrastructure and to keep all of our data safe.
Job Summary:
We are hiring an Information Security Analyst to conduct vendor risk assessments, review contract security clauses, and ensure compliance with industry standards, regulatory requirements, and internal security policies. This role is responsible for assessing, monitoring, and mitigating risks associated with third-party vendors while driving the overall TPRM program to enhance vendor security management. The ideal candidate should possess strong analytical skills, collaborate effectively with internal stakeholders, and proactively identify and mitigate third-party security risks.
Key Responsibilities:
- Vendor Risk Management: Conduct security risk assessments for third-party vendors, identifying potential threats and control gaps.
- Contract Security Reviews: Evaluate security clauses in vendor contracts, participate in SLA negotiations, and recommend necessary controls.
- Compliance & Risk Assessments: Conduct security and risk assessments to ensure compliance with ISO 27001, NIST CSF, and other regulatory requirements. Support other GRC-related functions as needed.
- Compliance & Frameworks: Ensure vendors align with industry standards such as ISO 27001, SOC 2, NIST 800-53, GDPR, and PCI-DSS.
- Risk Remediation: Collaborate with vendors to remediate identified risks and track mitigation plans.
- Stakeholder Collaboration: Work closely with Legal, Procurement, Privacy, Security Review, and Business teams to integrate security requirements into vendor relationships.
- Reporting & Metrics: Develop and present risk reports to management, highlighting key third-party security risks and trends.
- Audit Support: Assist in preparing for and responding to internal and external audits, including evidence collection, gap analysis, and remediation tracking.
- Vendor Risk Repository Management: Maintain a centralized repository for vendor risk profiles, assessments, and agreements.
- Security & Compliance Updates: Stay informed on emerging security threats, regulatory changes, and best practices in third-party risk management.
Required Skills & Experience:
- Minimum 2 years of experience in Third-Party Risk Management, Information Security, or GRC.
- Experience conducting vendor security risk assessments and contract reviews.
- Strong understanding of ISO 27001, SOC 2, NIST 800-53, GDPR, and PCI-DSS compliance requirements.
- Experience in reviewing SOC 2, HITRUST, SIG, and CAIQ reports.
- Strong audit and control testing skills (preferred).
- Proficiency with TPRM tools such as OneTrust, ServiceNow, or similar platforms.
- Ability to analyze vendor security controls and provide risk-based recommendations.
- Excellent written and verbal communication skills to engage with vendors and internal stakeholders.
Education & Certifications:
- Bachelor’s/Master’s degree in IT/CS, Cybersecurity, or a related field.
- Certifications such as CTPRP (Certified Third Party Risk Professional), ISO 27001 Lead Auditor/Implementer, CISA, and CRISC are highly desirable.