Sr. Cyber Governance, Risk & Compliance Analyst

Company Description

Vuori is re-defining what athletic apparel looks like: built to move and sweat in but designed with a casual aesthetic to transition into everyday life. We draw inspiration from an active coastal California lifestyle; an integration of fitness, creative expression and life. Our high energy fast paced retail environment is reflected in the clothes we make. We aim to inspire others to take on all aspects of their lives with clarity, enthusiasm and purpose…while having a lot of fun along the way.

We are proud to be an outlet for opportunity and for personal growth and success.

Job Description

The Senior Cyber Governance, Risk & Compliance Analyst is a senior level security professional whose primary responsibility is to design, operate, and continuously mature the organization's Third‑Party / Vendor Risk Management (TPRM) program. In this role, the analyst serves as an embedded risk partner to the business, driving consistent, high‑quality vendor risk outcomes across the full third‑party lifecycle.

While TPRM is the core focus of this role, the analyst is also expected to contribute meaningfully across other Information Security and Privacy domains as needed, including privacy operations, cyber governance, risk and compliance (GRC), and security operations. This role is ideal for a practitioner who enjoys vendor risk but is comfortable flexing across adjacent security functions in a fast-moving environment.

What you'll get to do:

Third‑Party / Vendor Risk Management (Primary Focus)

* Design, implement, operate, and continuously mature the Third‑Party Risk Management program, evolving it from a reactive, compliance driven function into a proactive, risk-based capability.

* Execute and oversee the full third-party risk lifecycle, including onboarding, inherent and residual risk assessments, due diligence, periodic reviews, contract risk review, issue management, remediation tracking, and ongoing monitoring.

* Perform deep technical security and risk assessments of third parties, including cloud services, SaaS platforms, infrastructure providers, and technology vendors.

* Review and interpret security assurance artifacts such as SOC 2 Type II reports, penetration test reports, CAIQ, SIG, ISO certifications, and other compliance attestations.

* Evaluate complex vendor solutions, including API integrations with critical internal systems, cloud native architectures (AWS, Azure, GCP), and AI/ML platforms.

* Assess and manages emerging third-party risks, including artificial intelligence risks such as data provenance, model integrity, data leakage, and secure handling of proprietary or regulated data.

* Lead end-to-end issue and remediation management, ensuring accountability, effectiveness, and timely closure of identified control gaps.

* Develop and maintain TPRM standards, playbooks, governance models, escalation paths, and operating procedures aligned with regulatory expectations and business needs.

* Build and deliver meaningful reporting, dashboards, and metrics that provide leadership with clear visibility into third-party risk posture, trends, and decision points.

Privacy & Data Protection (Primary Focus)

* Support privacy operations, including Data Subject Requests (DSRs), Data Protection Impact Assessments (DPIAs), and data mapping initiatives.

* Partner with Privacy and Legal stakeholders to assess vendor and internal data processing risks and ensure appropriate safeguards are in place.

* Contribute to privacy related risk assessments, controls validation, and remediation tracking as needed.

Cyber Governance, Risk & Compliance (Supporting Responsibility)

* Support cyber GRC activities, including tracking information security risks, risk exceptions, and remediation plans.

* Assist with the implementation and ongoing operation of security and risk management frameworks (e.g., NIST, ISO, SOC
2).

* Contribute to audit and assurance activities by providing risk assessments, evidence, and clear articulation of control posture.

Security Operations & Enablement (Supporting Responsibility)

* Provide support to information security operations as needed, including incident response activities, impact…