Third Party Security Risk Analyst

**Who are we?**
- UpGuard's mission is to protect the world's data. We obsessively seek out elegant, robust ways to enable our customers to find, acknowledge, and remediate cyber risk. With UpGuard, organizations leverage our security expertise and software to automate what was once laborious, spreadsheet-driven processes-whether it's monitoring the attack surface of hundreds of vendors or assessing the security of their own infrastructure. UpGuard is used by some of the world's largest, fastest-growing, and most innovative companies.

Our Product team at UpGuard comprises of our Product Management, Product Support, Engineering, Design, Data Leaks Detection, and Third Party Risk Management Services. Our Product team's vision is to become the leader in the Cyber VRM category by providing a best-in-class SaaS platform for organizations to manage their third-party risk and external attack surface. Our purpose as a Product team is simply to build a product that enables this. We aim to build a product that users love and come to rely on, and one that regularly and consistently improves.

**Why are we hiring this role?**

We have successfully implemented third party security managed services for our customers and are looking to scale these efforts therefore need to scale the team

**In this role you will**:

- Translate complex and technical aspects into a report so that the business can understand it.
- Partner with customers to identify, measure and manage Third Party risks and controls.
- Assist with standardised reports, templates and scorecards used to inform customers on third party risks.
- Work closely with various teams including, sales and customer success to understand the changing needs of our customers.
- Develop and maintain working knowledge of emerging financial, operational, third party and regulatory/compliance related information to contribute to the continuous improvement of the Third Party risk management offering.

**What do we need from you**:

- Strong knowledge of relevant security frameworks, standards, US requirements, US laws e.g. ISO 27001, PCI DSS, NIST CSF, HIPAA etc.
- Thorough understanding of cybersecurity risk management.
- 2-3+ years of experience in Risk Management, Third Party Risk, Auditing, Consulting or the equivalent.
- Understanding of Third Party risk management practices, including the lifecycle of risk identification, treatment, mitigation, acceptance, remediation as well as inherent and residual risks.
- Have a track record of mastering highly technical problem spaces.
- Possess strong written and verbal communication skills, with a talent for precise articulations of customer problems.
- Customer Service experience for managing customer relationships.

**What would give you an edge**:

- Bachelor Degree in the fields of Information Technology or Systems or related major.
- Any relevant professional certification, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Regulatory Vendor Program Manager (CRVPM) or Certified Third Party Risk Professional (CTPRP).
- Performed data leaks assessments.
- Experience in managing customer expectations.
- Experience in performing Third Party Security Risk Assessments.
- Experience or a keen interest in cybersecurity.

**What's in it for you?**:

- ** Hybrid or Remote**: you choose. While we have offices in Sydney & Hobart, we don't mandate how often you need to be there. We focus on what you deliver, not where you deliver it from.
- ** Impact**: Influence the direction and design of projects that push the boundaries of your field and see the impact of your work daily.
- ** Be part of an energetic team**: Our team is highly collaborative, fostering a positive work environment that encourages creativity and innovation.
- ** We value work-life balance**: We recognize the importance of maintaining balance and provide a supportive work environment that allows you to prioritize your personal life and well-being.
- ** Generous reward**: We offer a competitive salary + equity
- ** Great perks**: You won't find table tennis tables or office mandates - we prefer to offer perks that support your overall well-being - including a lifestyle allowance, well-being program, WFH budget, personal learning & development budget, generous leave benefits, and plenty more

As an Equal Employment Opportunity and Affirmative Action Employer, qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.