Third-Party Risk Analyst

Job Summary

To support a short-term contract, the Third-Party Risk & Controls Analyst will review, test, and document internal controls across multiple business units while working remotely, ensuring audit readiness and contributing to risk and compliance processes.

Key responsibilities

• Review and test internal controls, documenting results and gathering evidence from process owners
• Validate control design and effectiveness, supporting Risk Control Self-Assessments (RCSAs) and preparing for audits
• Execute standardized test procedures and manage multiple tasks to strengthen the overall control environment

Required qualifications

• 3-5+ years of experience in Risk, Controls, Internal Audit, or Compliance Testing
• Strong understanding of Test of Design vs. Test of Effectiveness
• Experience with regulatory frameworks such as NIST, ISO, SOC, SOX, HIPAA, and PCI
• Familiarity with GRC tools, particularly RSA Archer, ServiceNow GRC, or MetricStream
• Proven ability to write and execute Standardized Test Procedures (STPs)