Third-Party Risk Analyst jobs in United States

Simpson Thacher & Bartlett LLP · 21 hours ago

Third-Party Risk Analyst

Simpson Thacher & Bartlett LLP is a leading law firm seeking a Third-Party Risk Analyst to support their Third-Party Security Team. The role involves developing and executing the firm’s Third-party Security Program by identifying, assessing, monitoring, and mitigating risks associated with vendors and service providers.

Law Practice
No H1B

Responsibilities

Conduct information security due diligence during vendor onboarding, at renewal, and periodic review cycles
Apply a risk-based approach to third-party security assessments, including documenting compensating controls and risk acceptances where appropriate
Maintain comprehensive vendor inventory, including vendor profiling and Inherent Risk determination
Maintain a third-party risk register and track mitigation efforts for identified security risks
Develop and implement strategies to mitigate identified risks, working closely with third parties and internal stakeholders to address security gaps
Support a continuous monitoring program to assess third-party security posture and follow up on identified vulnerabilities and security risks
Partner with general counsel and vendor management to incorporate information security requirements into third-party contracts
Work with internal security teams to investigate and respond to third-party related security incidents
Support and enhance escalation procedures and remediation requirements related to third-party security breaches
Prepare and present third party risk metrics, dashboards, trends, and highlighted risks to senior management and IT leadership
Contribute to the continuous improvement and scalability of the Firm’s third party security risk management program

Qualification

Third-party risk management, Information security assessments, Information security controls, Professional certifications, Risk-based approach, Analytical skills, Communication skills, Team collaboration

Required

Bachelor's degree or related experience required
5 years of experience in information security, third-party risk management, IT risk, or cybersecurity assurance, with at least 3 years focused on third party risk management
Experience conducting information security risk assessments of third-parties, vendors, and service providers
Strong understanding of information security controls and frameworks (ISO 27001/27002, NIST CSF, CIS Controls, etc.)
Familiarity with third-party security domains, including data protection, access controls, incident response and cloud security
Ability to assess third-party responses to security questionnaires, and analyze security documentation, audit reports, vulnerability scans, and penetration test results to identify control gaps and remediation requirements
Ability to prioritize third party security risks based on inherent risk, business criticality, and compensating controls
Experience producing clear risk summaries, remediation recommendations, and executive level reporting
Familiarity with information security and data protection requirements in third-party contracts
Strong communication and negotiation skills to work effectively with internal and external stakeholders
Ability to work independently and collaboratively in a team environment
Demonstrated ability to handle sensitive and/or confidential material and information with suitable discretion

Preferred

Professional certifications, such as CISSP, CRISC, CISM, CISA, ISO 27001 Lead Auditor/Implementer
Experience developing processes aligned with the third-party risk management lifecycle
Familiarity with information security considerations for vendors leveraging AI or providing AI centric solutions

Company

Simpson Thacher & Bartlett LLP

Simpson Thacher & Bartlett LLP is one of the world’s leading international law firms.

Funding

Current Stage
Late Stage

Leadership Team

Kelly Stevens, Chief Operating Officer
Alan Turner, Partner
Company data provided by crunchbase