Senior Analyst, Third Party Risk Management (Remote Eligible - Costa Rica)
Smartsheet
San Jose, Costa Rica
On-site
Job Summary
This role serves as a primary point of contact for vendor risk across the organization, interfacing regularly with cross-functional teams.
You will own a portfolio of vendor assessments and help drive program maturity by evaluating security documentation and translating findings into actionable summaries.
The position requires leveraging AI tools to increase efficiency while applying sound judgment to validate outputs before relying on them in risk decisions.
Skills & Requirements
Must-have
5+ years third party risk management experience
Conduct vendor risk assessments and tiering
Review SOC 2 reports and penetration testing results
Familiarity with NIST, ISO 27001, or COSO frameworks
Experience with SIG or CSA CAIQ questionnaires
Strong English communication skills for stakeholders
Nice-to-have
Experience with AuditBoard, OneTrust, or ServiceNow GRC
Background in SaaS or cloud technology environments
Familiarity with AI-assisted workflows in compliance
Relevant certifications like CISA, CRISC, or CTPRP
Experience supporting SOC 2 or ISO 27001 audits
Key Requirements
5+ years experience in TPRM or GRC
Must reside in Costa Rica
Direct experience conducting vendor risk assessments