Smartsheet

Smartsheet - Senior Analyst, Third Party Risk Management (Remote Eligible - Costa Rica)

Remote - USA · 1w ago

Requirements

• 5+ years of experience in third party risk management, vendor risk, GRC, information security, audit, or compliance — with direct experience conducting vendor or third-party risk assessments.
• Practical knowledge of one or more risk or regulatory frameworks such as NIST, ISO 27001, COSO, COBIT, AICPA SOC/TSP, PCI DSS, or similar.
• Familiarity with vendor security questionnaire frameworks, including SIG (Shared Assessments) and/or CSA CAIQ.
• Demonstrated ability to review and interpret SOC 2 reports, penetration testing summaries, and other vendor security attestations.
• Experience working in cross-functional environments involving Legal, Procurement, and/or Engineering stakeholders.
• Strong written and verbal communication skills in English, with the ability to translate technical risk findings into clear business language.
• Effective critical thinking and judgment — able to assess risk materiality, prioritize competing demands, and escalate appropriately.
• Comfort working with and evaluating AI-generated content, with a clear understanding of the need to verify outputs before relying on them in risk decisions.
• Adaptability to evolving regulatory requirements and a genuine interest in staying current on the third-party risk landscape.
• Experience with vendor risk management platforms such as AuditBoard, Archer, OneTrust, ServiceNow GRC, Vanta, or Coupa.
• Background in SaaS, cloud, or technology company environments.
• Familiarity with AI-assisted workflows in a GRC or compliance context.
• Experience supporting or contributing to audit processes (e.g., SOC 2, ISO 27001, BARR).
• Relevant certifications such as CISA, CRISC, CTPRP, or equivalent.
• Experience with operational risk across multiple business units, legal entities, or jurisdictions.
• Teleworking options from any registered location in Costa Rica (role specific)

Get to Know Us:

At Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You’ll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths—because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you’re doing work that stretches you, excites you, and connects you to something bigger, that’s magic at work. Let’s build what’s next, together.

Responsibilities

• Lead end-to-end Third Party Risk Assessments for new and existing vendors, including vendor tiering, scoping, questionnaire management, and findings documentation.
• Own the ongoing monitoring and tracking of vendor risk across Smartsheet's third-party portfolio, ensuring timely follow-up on remediation activities and risk acceptance decisions.
• Evaluate vendor security documentation including SOC 2 reports, penetration testing results, ISO certifications, and other control attestations — and translate findings into clear, actionable risk summaries for stakeholders.
• Drive process improvement initiatives within the TPRM program, identifying opportunities to scale and mature the program through better tooling, automation, and workflow design.
• Collaborate cross-functionally with Legal, Procurement, Information Security, Privacy, and business stakeholders to ensure vendor risk considerations are embedded in sourcing and renewal decisions.
• Leverage AI tools (including Claude and Microsoft Copilot) to increase efficiency in vendor reviews and documentation — while applying sound judgment to review, validate, and take accountability for AI-generated outputs.
• Contribute to broader risk program activities including risk reporting, policy review, and program documentation as part of a lean, high-performing Risk team.
• Support the development of TPRM metrics and reporting to provide leadership with meaningful visibility into the organization's third-party risk exposure.
• Other job duties as assigned
