AEG

Sr Analyst IT Vendor Management

AEG, Los Angeles, California, United States, 90079

Overview

The Sr Analyst Third-Party Risk supports AEG's global risk and compliance efforts by overseeing the third-party risk management process. This role focuses on facilitating vendor onboarding, coordinating risk assessments, ensuring compliance with internal standards, and working with leadership to maintain a structured review process across business units in North America, Europe, and APAC.

Responsibilities

Coordinate and manage the end-to-end third-party onboarding and risk vetting process globally, ensuring complete and accurate data intake and process adherence across the GRC platform.
Conduct vendor risk assessments, identify compliance gaps, and coordinate remediation efforts with relevant stakeholders, and escalate issues to IT Security Leadership as needed.
Support third-party program efforts related to privacy, regulatory obligations (e.g., GDPR/CCPA), and annual review cycles as directed by IT Security Leadership.
Maintain standard operating procedures, vendor lifecycle documentation, and assist with operational reporting and audit readiness related to vendor risk.
Communicate regularly with internal teams to update on vendor status and provide guidance on vendor risk obligations as established by IT Security Leadership.
Track vendor renewals and manage periodic reassessments, maintaining accurate records and triggering reviews as needed.

Required Qualifications

BA/BS Degree (4-year) in Computer Science, Information Security, Business Administration, or a related field; or equivalent related work experience.
4 years' experience with compliance and risk management programs.
Experience performing vendor security and compliance assessments, including third-party/vendor evaluations.
Experience in banking, hospitality, retail, studio, or leisure industries is preferred.
Experience working in global complex environments is preferred.
Strong understanding of vendor risk assessment methodologies and third-party due diligence processes.
Familiarity with compliance frameworks and regulations relevant to vendor relationships (e.g., GDPR, CCPA/CPRA, NIST).
Knowledge of and ability to translate complex IT, security, and governance concepts into business-friendly language.
Experience maintaining SOPs, documentation, and audit readiness materials.
Highly organized with strong coordination skills across multiple teams and geographies.
Capable of influencing and fostering cross-functional collaboration without direct authority.
Self-starter capable of working independently and managing competing priorities.
Proficient in Microsoft Office 365 applications, including Excel, PowerPoint, and SharePoint.
Strong communication and interpersonal skills, especially in cross-functional settings.
Attention to detail with strong analytical and problem-solving abilities.
CompTIA Security+ Certification CISA, CRISC, CISSP, ISO 27001 Lead Auditor preferred but not required

Compensation and Benefits

Pay Scale:

$90,000 - $110,000

Bonus:

This position is eligible for a bonus under the current bonus plan requirements.

Benefits:

Full-time: We offer a comprehensive benefits package that includes medical, dental and vision insurance, paid holidays, vacation and sick time, company paid basic life insurance, voluntary life insurance, parental leave, 401k Plan (with a current employer match of 3%), flexible spending and health savings account options, and wellness offerings.