Vendor Risk Analyst
Job ID: 35817
Date Added: 10/15/2025
Atlanta, GA, Birmingham, AL or Naperville, IL – Hybrid 3-4 days onsite
1 year + contract
$50-58/hr W2 – sorry no C2C
Must be US Citizen
Position Overview:
This hybrid role is within the Cybersecurity organization and reports directly to the Third-Party Risk Program Manager. You are responsible for evaluating and mitigating cybersecurity risks associated with third-party vendors and service providers. This role ensures that external partnerships comply with internal security policies, regulatory requirements, and industry best practices. Your mission involves collaborating with business partners and third parties to improve the cyber security posture of the Company’s supply chain. By conducting and utilizing the results from assessments, you will advise third parties on methods to raise their security maturity and provide insight to our business partners regarding the impact and probability of identified cyber security gaps. You will be responsible for creating and maintaining information within the Third-Party Risk Management (TPRM) platform. The Senior Vendor Risk Analyst combines cybersecurity and business understanding to reduce the Company’s risk exposure over time. Prior knowledge of security controls, creative critical thinking skills, and a desire to learn our business are essential! This is a hybrid role, but in-office presence will be expected at least three days a week initially, growing to 4 days a week during 2026.
Job Responsibilities:
- In coordination with the Company’s vendor relationship owners, manage assessments of vendors’ security controls to identify shortfalls. Communicate remediation options to the vendors
- Collaborate with TPRM team members and business partners to complete assessments and determine risk mitigation strategies
- Become an expert in the TPRM platform to identify and direct necessary customizations, enhancements, and record maintenance to a vendor-supported platform that enables relevant reporting and Program maturation
- Develop an appreciation and understanding of various business units while employing your knowledge of security fundamentals to effectively communicate Company risk resulting from assessment findings
- Proactively propose and implement changes to Company Program policy/practice to ensure a risk-informed approach to vendor/supply chain management
- Collaborate across Supply Chain, Legal, Cybersecurity, and the Technology Organizations to create a shared picture of supplier risk
- Support cross-functional teams to investigate, analyze, and make recommendations to leadership or process owners regarding technology solutions, security architecture, or security vulnerabilities
- When appropriate, collaborate across the Cyber org to identify compensating controls for significant vendor-specific risks to the company and its customers
- Review vendor-proposed modifications to Master Service Agreements or Application Service Provider Agreements on behalf of TS to identify any unacceptable security risks associated with new language
- Understand, relate, and transform regulatory requirements into information security policy, standards, procedures, and guidelines
- Maintain current knowledge of information security concepts, technologies, and practices
Required qualifications:
- United States citizenship is required
- Bachelor’s degree or equivalent experience in a related field
- 10+ years’ experience in security risk assessment, risk management, compliance or auditing
- Strong knowledge of security control frameworks (e.g., NIST SP 800-53, ISO/IEC 27001:2013)
- Ability to communicate clearly, confidently, and knowledgeably to internal and external stakeholders regarding the Program and assessment results
- Demonstrated history of critical, independent, and creative thinking to enable continuous improvement or business success within the constraints of security imperatives
- Ability to holistically assess the risk of a third-party engagement, considering control gaps, the nature of the vendor relationship, and the way a vendor's products/services are leveraged
- Must have demonstrated history of critical, independent, and creative thinking with high attention to detail; this will enable continuous improvement and ensure auditable record trail for all assessment data
- Prior experience overseeing one or more people in support of a technology solution or program
- Demonstrated ability to work with and in cross-functional teams
- One or more of the following certifications: TPCRA, C3PRMP, CTPRA, CISSP, CASP, CISA, CISM, GIAC, PMP
- Must be able to pass NERC CIP and Insider Threat Program background screening due to access to sensitive critical infrastructure and information regarding security capabilities
- This is a hybrid role, but three days per week in the office (Naperville, IL, Birmingham, AL or Atlanta, GA) are expected initially, growing to four days per week in office during 2026. In-office expectations may change over time depending on organizational policy and supervisor’s requirements.
- Occasional travel for industry collaboration/influence or professional development is expected
Preferred qualifications:
- Experience working in a highly regulated industry
- Prior experience advocating security policies, practices, controls, and standards to business and IT teams
- Familiarity with basic requirements for architecting secure information systems
- Familiarity with NERC’s Critical Infrastructure Protection (CIP) standards
- Experience with non-IT risk such as operational, financial, Compliance and Regulatory, Strategic Risk, Legal Risk, and ESG risk (Environmental, Social, and Governance)
(dependent on factors including but not limited to client requirements, experience, statutory considerations, and location).
*Note: Disclosure as required by the Equal Pay for Equal Work Act (CO), NYC Pay Transparency Law, and sb5761 (WA)
Synergis is proud to be an Equal Opportunity Employer. We value diversity and do not discriminate on the basis of race, color, ethnicity, national origin, religion, age, gender, gender identity, political affiliation, sexual orientation, marital status, disability, military/veteran status, or any other status protected by applicable law.
For consideration, please forward your resume to dwicks@synergishr.com
If you require assistance or an accommodation in the application or employment process, please contact us at dwicks@synergishr.com.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with the requirements of applicable state and local laws, including but not limited to, the San Francisco Fair Chance Ordinance, the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
Synergis is a workforce solutions partner serving thousands of businesses and job seekers nationwide. Our digital world has accelerated the need for businesses to build IT ecosystems that enable growth and innovation along with enhancing the Total Experience (TX). Synergis partners with our clients at the intersection of talent and transformation to scale their balanced teams of tech, digital and creative professionals. Learn more about Synergis at www.synergishr.com.