OaklandRecruiter Since 2001
the smart solution for Oakland jobs

Third Party Risk Analyst

Company: Everlaw
Location: Oakland
Posted on: June 6, 2021

Job Description:

Everlaw is seeking a Third Party Risk Analyst who will support the Governance, Risk, and Compliance team with the development, implementation, and ongoing management of Everlaw's third party risk management (TPRM) program. As a Third Party Risk Analyst, you'll interact with all levels of the organization and function as an integral team member in advancing the overall GRC program with respect to third party vendor reviews, risk management policies and procedures, operational workflows, and internal audits. You'll bring your operational risk management experience and exceptional attention to detail into our collaborative environment. You'll lead improvements to the company's third party risk management framework, evolve our risk policies and procedures, and be accountable for performing vendor due diligence to meet information security, data protection, and compliance requirements. Your impact and work will be felt across the organization, helping law firms, corporations, and government agencies discover truth and promote justice.

At Everlaw, our mission is to promote justice by illuminating truth. Our company culture is open and democratic and we're committed to the professional growth of our team members, offering an annual learning and development stipend and regular check-ins with managers regarding career goals. If you're looking for a place that values passion, integrity, thinking big, and a desire to learn, we'd love to hear from you! Think you're missing some of the skills and are hesitant to apply? We do not believe in the 'perfect' candidate and encourage you to apply if you feel you can bring value to our team.

This is a full-time, exempt position located onsite in Oakland, California.

In the first few months, you will

  • Learn and understand Everlaw's risk management policies, procedures and third party risk and compliance program.
  • Conduct ongoing security, privacy, and risk assessments for vendors (risk ratings, security questionnaires, internal communications, tracking, etc.).
  • Build relationships with Procurement, Security engineering, and Business teams to drive awareness and adoption of enhanced third party security and risk review processes.
  • Manage the implementation and maintenance of the TPRM tool (OneTrust) as the central repository for vendor information and assessment.
  • Feel like part of the team! Our onboarding process will integrate you into the company with informative sessions on our policies, processes, and team structure and goals.
  • Learn, grow, and contribute right away. We trust that you will bring experience and knowledge that will uplift the team, but we don't expect you to know everything on Day 1. You will have time to develop your product knowledge and get up to speed on all aspects of Everlaw.

Going forward, you will

  • Be a third party risk management subject matter expert, meaning that you'll be able to provide guidance around third party risk reviews and due diligence, lead training and education on third party risk, as well as respond to questions about our risk management policies and procedures.
  • Be accountable for TPRM lifecycle activities, including vendor risk assessments, risk methodologies, periodic monitoring and auditing, process documentation, risk remediation, and reporting on assessment outcomes.
  • Lead projects to improve the program's maturity, effectiveness, and scalability through automation and process improvements.
  • Support security and compliance audits and provide technical and business recommendations to process owners to remediate third party risk findings.
  • Monitor industry trends, government alerts (i.e., US-CERT, CISA) and updates from existing vendors for potential security incidents and serve as the primary point of contact for incident investigations involving third parties.
  • Develop and implement process improvements and be the main point of contact for collaboration with cross-functional stakeholders.
  • Establish and drive best practices and governance across all third party risk management activities to ensure compliance with company policies and regulatory requirements.

About you

  • You have at least 3 years of demonstrated experience in designing, building, and managing a TPRM program; performing and leading third party risk assessments, implementing vendor risk assessment tools, methodologies, remediation plans, etc.
  • You have the ability to discern relevant business and security risks posed by third parties unaided and possess excellent project management skills to prioritize remediation activities based on business criticality, audits, and regulatory requirements to align with business objectives and mitigate impact to the company.
  • You have a track record of successfully using your communication and interpersonal skills to collaborate with technical and business teams. You enjoy achieving deadline-driven milestones while demonstrating the ability to think critically and creatively, with analytical and problem-solving skills.
  • You are able to operate independently and take a proactive approach to your projects with superb organizational skills and have an innate urge to document. You enjoy finding ways to enhance processes wherever possible.
  • You are authorized to work in the United States. Please note that currently, Everlaw is not sponsoring employment visas.


  • You have exposure to security and compliance frameworks (e.g. SOC 2, ISO 27001, NIST, HIPAA) with a solid understanding of how security and privacy risks affect a variety of data, applications, and infrastructure, and how those risks translate to third parties.
  • You have industry experience working in ediscovery, a high-growth start-up, or at a Software as a Service (SaaS) company.
  • You have experience and technical knowledge of configuring third party management and compliance tools such as OneTrust, Hyperproof, ZenGRC, etc.
  • You have relevant security or audit certifications.


  • Competitive salary
  • Substantial equity
  • 401k with company matching
  • Health, dental, and vision insurance
  • Flexible Spending Accounts for health and dependent care expenses
  • Fully paid pregnancy and bonding leaves for new parents (including adoptive and foster)
  • Seventeen paid vacation days plus ten bankable federal holidays
  • Membership to Modern Health to help employees prioritize mental health and wellness
  • Annual allocation for Learning & Development opportunities and applicable professional membership dues
  • Company-sponsored life and disability insurance


  • Work in Downtown Oakland, just steps from the BART line and dozens of restaurants
  • Select your preference of hardware (Mac or PC) and customize your desk setup
  • Bond over team lunches and out-of-the-box events
  • "Ranked #1 on G2 for Ediscovery Software and Momentum" and proud contributor of free ediscovery resources to benefit the greater good through "Everlaw for Good"

About Everlaw

We help law firms, government agencies, and corporations sift through millions of documents of evidence in big lawsuits and investigations to find the proverbial smoking gun (or needle in the haystack -- pick your metaphor). It's a multi-billion dollar space typically dominated by service-oriented vendors, and we're coming at it with cutting-edge technology and elegant design. It's working, and we've been growing very rapidly: we host hundreds of terabytes of data and work with all 50 state Attorneys General and hundreds of law firms on some of the most high-profile cases litigated today.

If you're looking for an open, democratic company culture that values passion, integrity, and a desire to learn, we want to hear from you.

Everlaw is an equal opportunity employer. We pride ourselves on having a diverse workforce and we do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. We respect the gender, gender identity and gender expression of our applicants and employees, and we honor requests for pronouns. It is our policy to comply with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity, including the California Equal Pay Act.
