Third-Party Risk Management; TPRM Analyst
Remote / Online - Candidates ideally in Vancouver, BC, Canada
Listing for: Vancity
Full Time, Remote/Work from Home position
Listed on 2026-01-02
Job specializations:
- IT/Tech: Cybersecurity, Information Security
Position: Third-Party Risk Management (TPRM) Analyst
Our Story & Purpose:
We’re Vancity, a member-owned credit union built on the principles of inclusion and social justice. Since 1946, our relentless commitment to these values has helped us challenge the status quo and break down barriers. We’ve made bold commitments to become net-zero by 2040 across all mortgages and loans, and we’re actively pursuing strategies in Indigenous banking and financial resilience for our members.
As the largest private sector Living Wage Employer in Canada, we’re proud to be consistently recognized as one of the country’s Top Employers. If you’re ready to join our team of 2,700 diverse individuals, access competitive rewards and benefits, and be part of a greater movement – apply today!
Your Role in Supporting Our Members:
Join our IT Governance, Risk, and Compliance (IT-GRC) team as a Third-Party Risk Management (TPRM) Analyst. In this role, you will perform TPRM and vendor risk assessments and work closely with internal stakeholders and vendors to ensure that security and compliance risks are identified, assessed, and managed effectively in line with internal policies, regulatory requirements, and industry best practices.
This is a Full-time, Permanent role based at Vancity head office. This role will enjoy hybrid working arrangements which can be fulfilled primarily from the Vancity head office location and your Lower Mainland based home office. Periodically, you’ll be required to attend in-person activities or events. This role reports to the Senior Manager of IT GRC.
How You’ll Make an Impact:
- Conducting third-party risk assessments to evaluate vendor security and compliance controls by reviewing vendor documentation, engaging with internal stakeholders to understand business requirements, and identifying security and compliance gaps
- Reviewing vendor security documentation, including SOC reports, web application penetration test results, and security risk assessments
- Reviewing and providing opinion on vendor-provided SoWs, contracts, and MSAs
- Maintaining and improving third-party risk management processes, tools, and workflows to streamline risk assessments, audit procedures, and reporting
- Working with procurement, vendor management, legal, and other business teams to perform due diligence on new vendors and ensure security and compliance requirements are met before onboarding
- Evaluating third-party security incidents or breaches, or vulnerabilities, and coordinating investigation efforts with internal teams and vendors
- Performing other tasks and responsibilities as assigned
What You’ll Bring to the Team:
- Bachelor’s in Information Technology, Risk Management, Business, or a related field
- 2–5 years of related experience in IT Governance, Risk, and Compliance (GRC), Third-Party Risk Management, or Information Security
- A solid understanding of relevant cyber security standards and frameworks such as NIST, ISO 27001, AICPA SOC reports, PCI-DSS, OSFI, PIPEDA
- Prior working knowledge in reviewing SOC1, SOC2, PCI (AoC), and ISO 27001 reports and attestations
- Experience reviewing vendor security controls, evaluating compliance artifacts, and analyzing security risks
- Strong attention to detail and analytical thinking to identify vendor security risks and assist in remediation tracking
- Excellent communication and stakeholder management skills to engage with vendors and internal teams
- A proactive mindset with the ability to work independently and manage multiple priorities in a fast-paced environment
Extra Skills That Set You Apart:
- Experience in IT, Audit, Risk Management, Information Security, or a combination of these
- Information Security related certifications and training such as CISA, CRISC, and CISM
- An undergraduate degree (preferably in Cyber Security, Computer Science, Engineering, or highly related field)
You’ll Thrive Here If You Are:
- Detail-Oriented: You have a sharp eye for identifying security gaps and areas of improvement in vendor security practices
- Analytical: You can balance business needs with risk considerations and provide pragmatic recommendations
- Proactive & Adaptable: You anticipate challenges and take action to address them before they escalate
- Collaborative: You…