Senior Information Security Third Party Risk Analyst

  • Jobs
  • Senior Information Security Third Party Risk Analyst

Job Details and Location

  • Organization: Federal Reserve Bank of Atlanta
  • Region: Georgia
  • Location: Midtown Atlanta - Hybrid

Job Certifications

  • CTPRP: Preferred
  • CTPRA: Preferred

When you join the Federal Reserve—the nation’s central bank—you’ll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We dedicate more than $1 billion to technology each year to support the Federal Reserve and our economy, and we’re building a dynamic and diverse team for our future.

Bring your passion and expertise, and we’ll provide the opportunities that will challenge you and propel your growth—along with a wide range of benefits and perks that support your health, wealth, and life. In addition to competitive compensation, we offer a comprehensive benefits package that includes tuition assistance, generous paid time off, top-notch health care benefits, child and family care leave, professional development opportunities, a 401(k) match, pension, and more. All brought together in a flexible work environment where you can truly find balance.

As the Sr. TPRM (Third Party Risk Management) Analyst under limited supervision, responsible for developing and implementing systems and processes to protect the Bank’s information resources. Proactively researches and gathers information security intelligence and best practices to address emerging security needs. Acts as a subject matter expert and senior consultant to business clients and department management on matters of third party risk. Provides expert guidance to department management and business lines to ensure compliance and mitigation of risks. Owns objectives that support Department Strategic Goals. Generally acts in either an assurance or operational capacity.

Key Responsibilities:

Develops and maintains strong working relationships with business areas throughout the enterprise. Advises business lines and IT team on security requirements and best practices

Provide periodic compliance/risk assessments and deliver business focused analysis
Execute on strategy and develop services to address specific information assurance, risk management, and related compliance issues

Perform third party risk assessments upon all third parties at point of engagement and throughout the supplier relationship.

Work with third parties and their internal relationship owners to identify and remediate risks as required.

Provide clear and high-quality risk reports, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of third parties

Perform and provide data analyses reporting on third party risk
Support contractual reviews for new and existing suppliers.

Leverage intelligence, industry best practices (NIST CSF) and the regulatory landscape (such as GDPR, FCA, and FFIEC) to ensure a rounded assessment of the security risk posed to the Bank

Serves as a subject matter expert (SME) for providing oversight of platform implementation, and development and optimization to improve overall vendor risk posture.

Coordinates with vendors to ensure managed services are implemented and maintained appropriately

Track and communicate overall program performance, ensuring program milestones remain on track and are completed timely.

May participate in strategic planning activities, other Information Security Projects, or other district/system priorities, including workgroups and initiatives, as requested.

Serves as the subject matter expert (SME) for the development of processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.


Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.


Five years of Information Security or IT audit experience preferred. Experience in vendor risk management, cyber risk, procurement, enterprise risk management, internal audit, and/or controls related function is required.

Functional Knowledge Preferences

Knowledge Areas:

Info Security Frameworks
Network Design & Architecture
Third Party Cyber Risk
GRC Solutions
Technical Writing
Vendor Risk Management Tools
Automated Workflow Management
Technical Knowledge:

Our total rewards program offers benefits that are the best fit for you at every stage of your career:

Comprehensive healthcare options (Medical, Dental, and Vision)
401K match, and a fully funded pension plan
Paid vacation and holidays; flexible work environment
Generously subsidized public transportation
Annual tuition reimbursement
Professional development programs, training and conferences
And more…

This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change (e.g. emergencies, rush jobs, change in workload or technological developments).

The Federal Reserve Bank of Atlanta is an equal opportunity employer.
Full Time / Part Time
Full time

Regular / Temporary

Job Exempt (Yes / No)

Job Category
Work Shift

First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice