Act as a dedicated "Procurement Partner" for internal requestors, managing the workflow from initial intake through final vendor approval and onboarding handoff.
Conduct initial technical security assessments, defining the scope and risk profile of new vendors.
Facilitate the legal and contractual review process by translating security requirements into actionable contract language.
Orchestrate final onboarding steps by coordinating with Finance, People Ops, and IT Ops.
Proactively manage the recurring annual assessment calendar for existing vendors.
Perform sophisticated analysis of vendor documentation to make informed recommendations on risk acceptance.
Serve as the "source of truth" for external parties, managing responses to inbound requests for compliance proof.
Support evidence collection and control-testing phases for annual audits.
Continuously evaluate the TPRM and GRC lifecycle for bottlenecks and propose workflows that increase efficiency.
Requirements
3–5 years of experience in Information Security, IT Audit, or Third-Party Risk Management.
Demonstrated experience performing manual security reviews and control assessments (independent of automated GRC "check-the-box" platforms).
CISA, CRISC, or Security+ are preferred but not required.
Experience in fast-paced, growth-oriented environments where building processes is as important as following them.
Benefits
Competitive salary
Comprehensive benefits package with employer-paid basic life and disability premiums
Supportive and inclusive company culture with a focus on work/life balance
Fully stocked kitchen
Lunch stipend when working onsite
Open communication (We won’t box you in! If you have a cool idea for a product improvement or a suggestion on how to improve the customer experience, let’s talk about it. We value everyone’s ideas and opinions.)