Third Party Risk Analyst

Company DescriptionJob Description

We're looking for a highly motivated and detail-oriented Third Party Risk Management (TPRM) Analyst to join our Governance, Risk, and Compliance (GRC) organization. In this role, you will be a key contributor to the security of our supply chain by leading complex risk assessments.

You'll be responsible for the full lifecycle of third party risk management- including vendor intake, due diligence, ongoing monitoring and offboarding. The ideal candidate will have a proactive approach to problem-solving and a strong understanding of risk management principles, as well as the ability to work independently to ensure all tasks are completed accurately and on time.

This position reports to our Director, Data Protection. We're looking for someone to join us immediately.

WHAT YOU'LL DO

Execute the TPRM Process : Conduct comprehensive risk assessments on third parties including analysis of appropriate security controls, contract requirements, and compliance documentation. You'll be responsible for gathering necessary information directly from third parties.

Identify Critical Systems and Assets : Partner with technical and business teams to map sensitive data and critical systems. You'll also categorize third parties to guide reassessment and identify processor / sub-processor relationships.

Contribute to Program Development : Help shape and refine our TPRM policies and procedures. Look for ways to improve efficiency, including the use of automation and AI.

Support Contracting : Work with our legal and procurement teams to include security and data protection requirements in contracts.

Maintain Accurate Records : Accurately document all assessment activities, findings, and mitigation efforts in our TPRM platform (OneTrust).

Provide Operational Support : Guide business owners and third parties through the TPRM process, answering questions and providing a smooth experience.

Monitor and Report : Support ongoing monitoring of third parties and contribute to recurring reports on the program's health and effectiveness.

WHAT WE ARE LOOKING FOR

Experience : Bachelor's degree and at least 5 years of direct experience in third party risk management, information security, or GRC. Direct experience conducting complex, end-to-end risk assessments, preferably in a fast-paced or regulated environment.

Technical Knowledge : Deep understanding of information security and data protection frameworks (e.g., NIST CSF, ISO 27001, SOC 2) and regulations (e.g., GDPR, CCPA, EU AI ACT). Strong knowledge of different data and system risk types and a proactive approach to risk mitigation.

Platform Proficiency : Hands-on experience with a TPRM platform like OneTrust, including customizing workflows and managing automations.

Skills : Exceptional communication and presentation skills, with the ability to interact effectively with stakeholders at all levels. Provide critical thinking with strong analytical and problem-solving abilities.

Independent Contributor : Proven ability to work independently, take ownership of tasks, and prioritize effectively in a dynamic environment.

Preferred : Familiarity with data analysis and visualization tools like Power BI to support data-driven decisions.

QualificationsAdditional Information

Base Pay Range $111,760 - $153,670. Eligible for Bonus Incentive Compensation. Eligible for Equity Compensation. Procore is committed to offering competitive, fair, and commensurate compensation, and has provided an estimated pay range for this role. Actual compensation will be based on a candidate's job-related skills, experience, education or training, and location.

Perks & Benefits

At Procore, we invest in our employees and provide a full range of benefits and perks to help you grow and thrive. From generous paid time off and healthcare coverage to career enrichment and development programs, learn more details about what we offer and how we empower you to be your best.

About Us

Procore Technologies is building the software that builds the world. We provide cloud-based construction management software that helps clients more efficiently build skyscrapers, hospitals, retail centers, airports, housing complexes, and more. At Procore, we have worked hard to create and maintain a culture where you can own your work and are encouraged and given resources to try new ideas. Check us out on Glassdoor to see what others are saying about working at Procore.

We are an equal-opportunity employer and welcome builders of all backgrounds. We thrive in a dynamic and inclusive environment. We do not tolerate discrimination against candidates or employees on the basis of gender, sex, national origin, civil status, family status, sexual orientation, religion, age, disability, race, traveler community, status as a protected veteran or any other classification protected by law.

If you'd like to stay in touch and be the first to hear about new roles at Procore, join our Talent Community .

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact our benefits team here to discuss reasonable accommodations.

For Los Angeles County (unincorporated) Candidates :

Procore will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable federal, state, and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

A criminal history may have a direct, adverse, and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment : 1. appropriately managing, accessing, and handling confidential information including proprietary and trade secret information, as well as accessing Procore's information technology systems and platforms; 2. interacting with and occasionally having unsupervised contact with internal / external customers, stakeholders, and / or colleagues; and 3. exercising sound judgment.