Third-Party Risk Management (TPRM) Analyst - Saronic

Job Title
Third-Party Risk Management (TPRM) Analyst
Job Location
Austin, Texas
Job Description
Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.

We are seeking a Third-Party Risk Management Analyst to join our Governance, Risk, and Compliance (GRC) team supporting a defense and aerospace organization. In this role, you will be responsible for evaluating, managing, and mitigating risks associated with third-party vendors, suppliers, and service providers. You will work closely with the Business Units, Procurement, Security, Legal, IT, Supply Chain, and Compliance teams to ensure our third parties comply with NIST SP 800-171, DFARS 252.204-7012, CMMC, and ITAR/EAR obligations and meet contractual requirements.

This position is ideal for a professional with 3–5 years of experience in third-party risk management, vendor due diligence, or related cybersecurity compliance functions who thrives in a dynamic, mission-driven environment. This role contributes directly to safeguarding sensitive defense data, maintaining compliance across the third-party ecosystem, and strengthening supply chain resilience.
Responsibilities
  • Conduct inherent and residual risk assessments of third parties based on data classification, service criticality, geographic exposure, and regulatory obligations.
  • Perform due diligence reviews, including security and compliance questionnaires, evidence validation, and documentation of control effectiveness.
  • Partner with Business Units, Procurement, Legal, Information Security, and Compliance to ensure timely onboarding, risk evaluation, and remediation tracking to closure and follow-up validation.
  • Support continuous monitoring activities, including periodic risk assessments, sanctions screening, and adverse-media reviews across the vendor lifecycle.
  • Monitor and analyze third-party performance, incidents, and risk indicators to identify emerging risk and trends.
  • Collaborate with cross-functional teams to ensure adherence to defense-specific standards and regulatory frameworks (e.g., NIST SP 800-171, DFARS, CMMC, ITAR).
  • Support the design and enhancement of TPRM workflows, including process automation and data-driven risk analytics.
  • Assist in developing and maintaining the third-party inventory, ensuring all vendor profiles, tier classifications, and risk ratings are accurately captured, continuously updated, and aligned with program governance requirements.
  • Create and maintain executive dashboards and risk reports summarizing vendor posture, risk trends, and remediation progress for leadership.
  • Assist in regulatory, customer, and internal audits, ensuring third-party documentation and evidence meet defense-sector and compliance requirements.
Required Qualifications
  • Bachelor’s degree in business administration, risk management, information security, cybersecurity, or related discipline (or equivalent work experience).
  • 3–5 years of hands-on experience in third-party risk management, supply chain risk management (SCRM), cybersecurity governance, or compliance.
  • Working knowledge of defense and federal regulatory frameworks, including NIST SP 800-171, DFARS 252.204-7012, CMMC Levels 1–2, ITAR/EAR, ISO 27001, and SOC 2.
  • Demonstrated experience performing vendor risk assessments, evaluating due diligence evidence, documenting findings, and tracking remediation through closure.
  • Solid understanding of information security principles, data protection requirements, and control frameworks relevant to defense supply chains.
  • Proven project management and coordination skills, with the ability to manage multiple concurrent assessments in a deadline-driven environment.
  • Strong written and verbal communication skills, including the ability to translate technical risks into business-level insights and recommendations for leadership.
  • Proficient in Microsoft 365, Excel-based risk scoring models, and GRC/TPRM platforms (e.g., ServiceNow, Archer, ProcessUnity, OneTrust).
  • Strong analytical and critical-thinking skills, with the ability to identify and assess emerging risks proactively.
  • Excellent interpersonal and communication skills, with the ability to collaborate effectively across business units, technical teams, and leadership levels.
  • High attention to detail with strong organizational and time-management abilities.
  • Proven ability to prioritize tasks and manage competing deadlines in a fast-paced, mission-critical environment.
  • Strong sense of ethics, confidentiality, and commitment to national security compliance.
  • This role requires the ability to obtain and maintain a security clearance.
Preferred Qualifications
  • Experience working in or supporting defense or government contracting environments.
  • Familiarity with SCRM (supply chain risk management) principles and continuous monitoring practices.
  • Experience with vendor lifecycle management and related legal and contract management processes.
  • Prior experience supporting vendor risk program audits or readiness reviews.
  • Understanding of export compliance and U.S. Person verification requirements under ITAR/EAR.
  • Relevant professional certification(s) such as CTPRP (Certified Third-Party Risk Professional), CRVPM, CTPRA (Certified Third-Party Risk Assessor), C3PRMP (Certified Third-Party Risk Management Professional), CRISC (Certified in Risk and Information Systems Control), or CCP (CMMC Certified Professional).
Physical Demands
  • Prolonged periods of sitting and computer work
  • Occasional standing and walking within the office
  • Manual dexterity to operate computers and office equipment
  • Visual acuity to read screens and documents
  • Occasional reaching or lifting up to 20 pounds (e.g., equipment or supplies)

    Saronic Headquarters Location

    Austin, TX

    Saronic Company Size

    Between 10 - 500 employees

    Saronic Founded Year

    2022

    Saronic Total Amount Raised

    $845,499,904

    Saronic Funding Rounds

    • Series C

      $600,000,000 USD

    • Series B

      $175,499,911 USD

    • Series A

      $55,000,000 USD

    • Seed

      $15,000,000 USD