Third Party Risk Analyst
Posted on: June 6, 2021
Everlaw is seeking a Third Party Risk Analyst, who will support
the Governance, Risk, and Compliance team with the development,
implementation, and ongoing management of Everlaw's third party
risk management (TPRM) program. As a Third Party Risk Analyst,
you'll interact with all levels of the organization and function as
an integral team member in advancing the overall GRC program with
respect to third party vendor reviews, risk management policies
and procedures, operational workflows, and internal audits. You'll
bring your operational risk management experience and exceptional
attention to detail into our collaborative environment. You'll lead
improvements to the company's third party risk management
framework, evolve our risk policies and procedures, and be
accountable for performing vendor due diligence to meet information
security, data protection, and compliance requirements. Your impact
and work will be felt across the organization helping law firms,
corporations, and government agencies discover truth and promote
At Everlaw, our mission is to promote justice by illuminating
truth. Our company culture is open and democratic and we're
committed to the professional growth of our team members, offering
an annual learning and development stipend and regular check-ins
with managers regarding career goals. If you're looking for a place
that values passion, integrity, thinking big, and a desire to
learn, we'd love to hear from you! Think you're missing some of the
skills and are hesitant to apply? We do not believe in the
'perfect' candidate and encourage you to apply if you feel you can
bring value to our team.
This is a full-time, exempt position located onsite in Oakland,
In the first few months, you will
- Learn and understand Everlaw's risk management policies,
procedures and third party risk and compliance program.
- Conduct ongoing security, privacy, and risk assessments for
vendors (risk ratings, security questionnaires, internal
communications, tracking, etc.).
- Build relationships with Procurement, Security engineering, and
Business teams to drive awareness and adoption of enhanced third
party security and risk review processes.
- Manage the implementation and maintenance of the TPRM tool
(OneTrust) as the central repository for vendor information and
- Feel like part of the team! Our onboarding process will
integrate you into the company with informative sessions on our
policies, processes, and team structure and goals.
- Learn, grow, and contribute right away. We trust that you will
bring experience and knowledge that will uplift the team, but we
don't expect you to know everything on Day 1. You will have time to
develop your product knowledge and get up to speed on all aspects
Going forward, you will
- Be a third party risk management subject matter expert, meaning
that you'll be able to provide guidance around third party risk
reviews and due diligence, lead training and education on third
party risk, as well as respond to questions about our risk
management policies and procedures.
- Be accountable for TPRM lifecycle activities, including vendor
risk assessments, risk methodologies, periodic monitoring and
auditing, process documentation, risk remediation, and reporting on
- Lead projects to improve the program's maturity, effectiveness,
and scalability through automation and process improvements.
- Support security and compliance audits and provide technical
and business recommendations to process owners to remediate third
party risk findings.
- Monitor industry trends, government alerts (i.e., US-CERT,
CISA) and updates from existing vendors for potential security
incidents and serve as the primary point of contact for incident
investigations involving third parties.
- Develop and implement process improvements and be the main
point of contact for collaboration with cross-functional
- Establish and drive best practices and governance across all
third party risk management activities to ensure compliance with
company policies and regulatory requirements.
- You have at least 3 years of demonstrated experience in
designing, building, and managing a TPRM program; performing and
leading third party risk assessments, implementing vendor risk
assessment tools, methodologies, remediation plans, etc.
- You have the ability to discern relevant business and security
risks posed by third parties unaided and possess excellent project
management skills to prioritize remediation activities based on
business criticality, audits, and regulatory requirements to align
with business objectives and mitigate impact to the company.
- You have a track record of successfully using your
communication and interpersonal skills to collaborate with
technical and business teams. You enjoy achieving deadline-driven
milestones while demonstrating the ability to think critically and
creatively, with analytical and problem-solving skills.
- You are able to operate independently and take a proactive
approach to your projects with superb organizational skills and
have an innate urge to document. You enjoy finding ways to enhance
processes wherever possible.
- You are authorized to work in the United States. Please note
that currently, Everlaw is not sponsoring employment visas.
- You have exposure to security and compliance frameworks (e.g.
SOC 2, ISO 27001, NIST, HIPAA) with a solid understanding of how
security and privacy risks affect a variety of data, applications,
and infrastructure, and how those risks translate to third
- You have industry experience working in ediscovery, a
high-growth start-up, or at a Software as a Service (SaaS)
- You have experience and technical knowledge of configuring
third party management and compliance tools such as OneTrust,
Hyperproof, ZenGRC, etc.
- You have relevant security or audit certifications.
- Competitive salary
- Substantial equity
- 401k with company
- Health, dental, and vision insurance
- Flexible Spending Accounts for health and dependent care
- Fully paid pregnancy and bonding leaves for new parents
(including adoptive and foster)
- Seventeen paid vacation days plus ten bankable federal
- Membership to Modern Health to help employees prioritize mental
health and wellness
- Annual allocation for Learning & Development opportunities and
applicable professional membership dues
- Company-sponsored life and disability insurance
- Work in Downtown Oakland, just steps from the BART line and
dozens of restaurants
- Select your preference of hardware (Mac or PC) and customize
your desk setup
- Bond over team lunches and out-of-the-box events
- "Ranked #1 on G2 for Ediscovery Software and Momentum" and
proud contributor of free ediscovery resources to benefit the
greater good through "Everlaw for Good"
We help law firms, government agencies, and corporations sift
through millions of documents of evidence in big lawsuits and
investigations to find the proverbial smoking gun (or needle in the
haystack -- pick your metaphor). It's a multi-billion dollar space
typically dominated by service-oriented vendors, and we're coming
at it with cutting-edge technology and elegant design. It's
working, and we've been growing very rapidly: we host hundreds of
terabytes of data and work with all 50 state Attorneys General and
hundreds of law firms on some of the most high-profile cases
If you're looking for an open, democratic company culture that
values passion, integrity, and a desire to learn, we want to hear
Everlaw is an equal opportunity employer. We pride ourselves on
having a diverse workforce and we do not discriminate against any
employee or applicant because of race, creed, color, religion,
gender, sexual orientation, gender identity/expression, national
origin, disability, age, genetic information, veteran status,
marital status, pregnancy or related condition, or any other basis
protected by law. We respect the gender, gender identity and gender
expression of our applicants and employees, and we honor requests
for pronouns. It is our policy to comply with all applicable
national, state and local laws pertaining to nondiscrimination and
equal opportunity, including the California Equal Pay Act.