Senior Third Party Risk Analyst

Rapid7 is seeking an experienced, self-motivated, and strategic Third Party Senior Risk Analyst to revamp and grow our Third Party Risk Program.

This will be a trusted strategic advisor within the Information Security team, and work alongside Senior Leadership to develop and establish an industry best practice TPRM program. The ideal candidate will effectively collaborate with stakeholders in Procurement, IT, Legal, and others across the organization to drive a global program that effectively manages the risk assessment and due diligence processes, both at on-boarding and throughout the lifecycle of third-parties.

The Team

Rapid7's Trust & Security Governance team functions within the Information Security department and plays a crucial role in supporting the organization's mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, identifying and managing security risk, distributing foundational security expertise across every department to create an exceptional security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, Procurement, and many other teams at Rapid7.

• Develop and Manage the end-to-end Third-Party Risk Management Program within Rapid7 which includes managing business, security, compliance, and contractual risks associated with working with third-parties.
• Administer and manage the distribution of due diligence questionnaires to the suppliers, review submitted questionnaires for completeness, ensure Risk stakeholders finalize reviews and determine overall residual risk rating.
• Partner with business Stakeholders, including Senior Leadership, Third-party vendors and Subject Matter Experts (security, compliance, legal, etc.) to ensure programs and processes are successfully executed.
• Partner with a cross functional team supporting pre- and post-contract supplier due diligence efforts including inherent risk triage, administration of appropriate security assessments, continuous monitoring and issue management/remediation and escalation.
• Manage a consistently growing portfolio of vendors to help maintain visibility into the risk landscape of the organization's most critical third parties.
• Identify, prioritize and pursue opportunities to enhance and streamline Rapid7's TPRM processes.
• Contribute to the development of detailed procedural documents and ensure alignment of TPRM with applicable regulatory requirements globally.
• Review contracts identifying and making sure that requirements relevant to Rapid7 are properly addressed by Rapid7 vendors.
• Help to monitor and attend during 3rd Party Breaches.

• 5+ years of relevant third party risk management experience.
• Experience with third-party risk tools. Experience with OneTrust is a plus.
• Excellent written and verbal communication skills, with focus on producing reports and documentation that will be presented to senior management, internal audit, and regulators.
• Proven ability to operate effectively in a fast-paced, entrepreneurial company in which cross-functional teamwork and initiative is a must.
• Knowledge of risk management governance standards and other standardized practices for 3rd Party Risk Management (e.g. Shared Information Gathering).
• Bachelors in Business Administration, Finance, Economics, Computer Science or related fields.
• CTPRP (Certified Third Party Risk Professional) is a plus.
• Experience with 3rd party risk intelligence tools is a plus.
  
  We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
  
  About Rapid7
  
  Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We're on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people. With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.