Third Party Risk Anlayst

Third Party Risk Analyst This is a fully remote role. D&H is growing! Join 100+ year old Employee-Owned technology distributor, offering end-to-end solutions for today's resellers, retailers, and the clients they serve across the SMB and Consumer markets. • We are empowered by our employee Co-Owners who provide the industry’s best service, and we promote a collaborative culture. • We offer an Employee Stock Ownership Plan, 401k, Paid Time Off, Medical, Prescription, Dental and Vision benefits as well as Gym Reimbursement, Work from Home Reimbursement, Employee Purchase Program, Tuition Assistance and much more! • As a D&H Co-Owner you receive numerous discounts on services. • We feel strongly about giving back to the community and promoting sustainable, eco-friendly business practices. SUMMARY D&H Distributing is looking to hire a detail-oriented and analytical Third-Party Risk Management Analyst to support our vendor risk program. This role will be responsible for assessing, monitoring, and managing risks associated with third-party vendors and service providers, ensuring compliance with internal policies, contractual requirements, and industry regulations. The analyst will work closely with stakeholders across Procurement, Information Security, Compliance, and Legal to identify and mitigate risks throughout the vendor lifecycle. ESSENTIAL DUTIES AND RESPONSIBILITIES • Conduct third-party risk assessments for new and existing vendors, focusing on security, compliance, privacy, and operational risks • Review vendor due diligence materials such as SOC reports, ISO certifications, penetration test results, and compliance questionnaires • Monitor and track vendor performance and risk posture through ongoing assessments and periodic reviews • Maintain the vendor risk inventory and ensure vendor information is accurate and up to date. • Collaborate with internal teams to define risk mitigation plans and follow up with vendors on remediation efforts • Support the development and enhancement of third-party risk management policies, procedures, and tools • Assist in the implementation and administration of third-party risk management platforms. • Prepare reports and dashboards for management, summarizing vendor risk findings, trends, and remediation status • Stay informed of emerging risks, regulatory requirements, and best practices related to vendor management and third-party security · Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management • Stay up to date on the latest security and industry trends including their compliance requirements • Maintain familiarity with cybersecurity frameworks such as NIST, CIS, and other security technology by attending workshops and reviewing publications • Coordinate across organization to ensure mutual success in protecting D&H • Work with the business units to remediate identified issues with minimal assistance • Effectively deal with rapid change in a positive manner • Participate in all company/location driven communication efforts, including huddles, department meetings, and other related efforts • Maintain a positive and professional working relationship with peers, management, support resources, and the community with a constant commitment to teamwork and exemplary customer service to present a professional image of D&H Distributing • Perform all other duties as assigned by management in a professional and efficient manner EDUCATION and/or EXPERIENCE • Bachelor’s degree in Information Security, Risk Management, Business, or related field (or equivalent experience). • 2+ years of experience in vendor risk management, IT risk, compliance, or a related role. • Familiarity with common information security and risk frameworks (ISO 27001, SOC 2, NIST, CIS, HIPAA, PCI-DSS, etc.). • Strong analytical and problem-solving skills with attention to detail. • Ability to communicate effectively with technical and non-technical stakeholders. • Experience with third-party risk management tools/platforms is a plus (e.g., Archer, ProcessUnity, OneTrust, ServiceNow VRM). Apply tot his job