Senior Analyst, Third Party Risk Management (TPRM)

Role Summary

The Third Party Risk Management (TPRM) function is responsible for establishing and operating the enterprise framework for identifying, assessing, and overseeing risks arising from third party relationships, including outsourced service providers, banking partners and other critical vendors. The function supports regulatory compliance, operational resilience, and sound risk governance across the full third party lifecycle.

The Senior Analyst, Third-Party Risk Management is responsible for executing core third-party risk oversight activities across the vendor lifecycle, with a particular focus on due diligence execution, security assessment review, and portfolio monitoring. The role supports portfolio visibility, intake handling, and management reporting, and contributes to the improvement and automation of TPRM workflows through the use of data analytics and AI-enabled tooling. The role brings a technology and security risk lens to complement the team's existing capabilities across governance, operational resilience and vendor risk management.

Primary Duty and Responsibilities

• Execute due diligence activities across the third-party lifecycle, including initial onboarding assessments, periodic reviews, and event-driven assessments for higher-risk and higher-tier vendors, ensuring assessments are complete, accurate, and decision-ready.

• Review and process vendor intake requests, ensuring completeness of information and correct classification and routing based on service characteristics, risk drivers, and technology profile.

• Perform structured reviews of vendor security assessment materials for higher-risk vendors, including SOC 2 reports, ISO 27001 certifications, security questionnaires, and control evidence, synthesizing findings into clear outcomes and required follow-up actions.

• Assess vendor security posture against relevant control frameworks (e.g., ISO/IEC 27001, SOC 2, NIST CSF) and document risk indicators, control gaps, and remediation requirements.

• Support the review and assessment of AI-related vendor risks, including model governance, data privacy, and AI-specific control considerations for vendors deploying AI in their products or services.

• Develop and maintain third-party portfolio reporting, dashboards, KPIs, and tracking outputs that provide management visibility into remediation progress, control gaps, vendor risk trends, and overall program status.

• Lead data analytics and reporting initiatives that improve the quality, structure, accuracy, and usability of TPRM portfolio data across the vendor lifecycle.

• Support the evaluation, implementation, and operationalisation of AI-enabled tools and automation workflows across TPRM processes, working closely with the program manager and Platform team.

• Identify opportunities to improve operational efficiency, consistency, and scalability through automation and AI-assisted review.

• Review and analyze vendor data, assessment outputs, contracts, and supporting documentation to identify inconsistencies, missing information, risk indicators, and opportunities for process improvement.

• Support identification and analysis of portfolio-level considerations, including vendor concentration, dependency indicators, technology risk exposure, and remediation trends.

• Maintain structured datasets, remediation trackers, and governance reporting used for day-to-day execution and management oversight.

• Partner with Cyber, Procurement, Compliance, Legal, Finance, and other stakeholders to support effective third-party oversight, issue resolution, and data governance initiatives.

• Support continuous improvement initiatives across TPRM tools, templates, workflows, and governance processes to strengthen operational consistency and scalability.
• Perform additional duties as required to support the Third-Party Risk Management team and enhance Payoneer's enterprise resilience and risk management capabilities.

Education and/or Experience

Bachelor's degree required; preferred background in cybersecurity, information systems, computer science, engineering, finance, or a related discipline.

3–5 years of experience in Third-Party Risk Management, Information Security, Vendor Risk, GRC, or a related role within a financial institution or regulated environment.

Qualifications

• Experience operating in a regulated, multinational environment, preferably within financial services or fintech.

• Demonstrated experience executing due diligence activities and reviewing vendor assessment documentation across a structured risk framework.

• Strong understanding of information security control frameworks including ISO/IEC 27001, SOC 2, and NIST CSF, with the ability to interpret and apply findings in a TPRM context.

• Experience working with or evaluating AI tools, automation platforms, or data analytics solutions in a risk or compliance context.

• Strong analytical and critical thinking skills, with the ability to interpret complex datasets and documentation, identify trends, and support risk-based decision-making.

• Skills & Tags

  pythongomachine learningaidataanalyticsproduct