Senior Analyst, Third Party Risk Management (Remote Eligible - Costa Rica)

📋 Description

• Lead end-to-end Third Party Risk Assessments for new and existing vendors.
• Own ongoing monitoring of vendor risk across Smartsheet's third-party portfolio.
• Evaluate vendor security documentation (SOC 2, ISO, PCI, etc.) and translate into risk summaries.
• Drive process improvements to scale the TPRM program with tooling and automation.
• Collaborate cross-functionally with Legal, Procurement, Info Security, Privacy, and stakeholders on sourcing/renewals.
• Leverage AI tools (Claude, Copilot) to increase efficiency while validating outputs.

🎯 Requirements

• 5+ years of experience in third party risk management or related fields.
• Practical knowledge of NIST, ISO 27001, COSO, COBIT, SOC, PCI DSS.
• Familiarity with SIG and/or CSA CAIQ questionnaires.
• Ability to review SOC 2 reports, pen tests, and other vendor attestations.
• Experience working with Legal, Procurement, and Engineering stakeholders.
• Strong written and verbal English; translate risk findings into business terms.

🎁 Benefits

• Experience with vendor risk management platforms (AuditBoard, Archer, OneTrust, ServiceNow GRC, Vanta, or Coupa).
• Background in SaaS, cloud, or technology environments.
• Familiarity with AI-assisted workflows in GRC/compliance.
• Experience supporting or contributing to audit processes (SOC 2, ISO 27001, BARR).
• Certifications such as CISA, CRISC, CTPRP, or equivalent.
• Teleworking options from any registered location in Costa Rica.