×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Consultant Data Security

Senior Analyst, Third-Party Security

Job in New York, New York County, New York, 10261, USA
Listing for: Simpson Thacher & Bartlett LLP
Full Time position
Listed on 2026-05-31
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Salary/Wage Range or Industry Benchmark: 160000 - 190000 USD Yearly USD 160000.00 190000.00 YEAR
Job Description & How to Apply Below
Location: New York

Senior Analyst, Third-Party Security

The Senior Analyst, Third‑Party Security will play a key role in supporting the Third‑Party Security Team in both the development and execution of the firm’s Third‑party Security Program. This includes identifying, assessing, monitoring, and mitigating risks associated with vendors, suppliers, and service providers across the globe as well as supporting strategic program initiatives. The ideal candidate is an experienced information security or IT risk management professional with a background in third‑party assessment execution, IT Risk management or IT Audit.

The candidate should possess strong analytical skills, attention to detail, and the ability to collaborate cross‑functionally with legal, Vendor Management Office, and IT security teams. Strong communication and interpersonal skills are required to effectively engage with third parties and program stakeholders.

Responsibilities
  • Conduct information security due diligence including secure by design reviews, during vendor onboarding, at renewal, and periodic review cycles.
  • Apply a risk‑based approach to third party security assessments, including documenting compensating controls and risks acceptances where appropriate.
  • Evaluate third‑party architectures, including network connectivity (VPN, reverse proxy), data flows, encryption models, and access controls.
  • Assess risks related to cloud environments (AWS/Azure/GCP), SaaS platforms, and API integrations.
  • Analyze external risk intelligence sources (e.g., Bit Sight, Security Scorecard) and correlate with internal findings.
  • Review and challenge secure design, identity/access models (SSO, OAuth, SCIM), and data protection mechanisms.
  • Enhance and maintain a comprehensive vendor inventory, including vendor profiling and inherent risk determination.
  • Enhance and maintain a third‑party risk register and track mitigation efforts for identified security risks.
  • Develop and implement strategies to mitigate identified risks, working closely with third parties and internal stakeholders to address security gaps.
  • Support a continuous monitoring program to assess third‑party security posture and follow up on identified vulnerabilities and security risks.
  • Partner with general counsel and vendor management to incorporate information security requirements into third‑party contracts.
  • Work with internal security teams to investigate and respond to third‑party related security incidents.
  • Support and enhance escalation procedures and remediation requirements related to third‑party security breaches.
  • Prepare and present third‑party risk metrics, dashboards, trends, and highlighted risks to senior management and IT leadership.
  • Contribute to the continuous improvement and scalability of the Firm’s third‑party security risk management program.
  • Partner with the Third Party Security Senior Manager to build and enhance strategic objectives of the program.
Education

Bachelor’s degree or related experience required.

Skills & Experience
  • 10+ years of progressive experience in information security, third‑party risk management, IT risk, or cybersecurity assurance, with at least 3 years focused on third‑party risk management.
  • Strong understanding of information security controls and frameworks (ISO 27001/27002, NIST CSF, CIS Controls, etc.).
  • Proficient understanding of third‑party security domains, including data protection, access controls, incident response and cloud security.
  • Proven ability to perform third‑party security risk assessments by reviewing security questionnaires, audit reports, policies and penetration test results to identify control gaps, formulate follow‑up inquiries, and document remediation requirements.
  • Deep knowledge of technology supplier ecosystems (software, cloud, IT labor, and infrastructure) and associated risk dynamics.
  • Experience producing clear risk summaries, remediation recommendations, and executive level reporting.
  • Familiarity with information security and data protections requirements in third‑party contracts.
  • Excellent communication skills: clear, structured, persuasive with the ability to educate and inspire teams around risk and performance ownership.
  • Proven ability to…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search