Senior Third-Party Risk Management Analyst

Job Description

COMPLIANCE
What We Do
We help the company do the right thing by identifying, monitoring, and reporting on potential risks in order to support the company's goal of promoting trust in our products and services.
What You'll Do
As a Senior Third-Party Risk Management (TPRM) Analyst, you will play a key role in protecting Epic's ecosystem by leading security-focused due diligence and ongoing oversight of third-party service providers. You will take ownership of high-impact assessments, leverage your deep knowledge of information security and GRC frameworks, and serve as a strategic partner in maturing our third-party risk program. This role will be critical in ensuring third parties align with Epic's security, privacy, and compliance standards, especially within a fast-paced, evolving regulatory environment.
In this role, you will
• Lead third-party risk assessments with a focus on Information Security and GRC, evaluating inherent and residual risks to drive risk-informed decision-making
• Perform in-depth due diligence on prospective and existing vendors, with an emphasis on cybersecurity controls, regulatory compliance (e.g., GDPR, SOC 2, ISO 27001), and data protection practices
• Manage periodic reassessments of high-risk and critical vendors to monitor for emerging threats, changes in control environments, and compliance posture
• Ensure integrity, consistency, and audit-readiness of third-party data within the GRC platform, supporting executive reporting and regulatory compliance
• Collaborate with key stakeholders across Information Security, Privacy, Legal, Procurement, and Business Units to integrate third-party risk insights into broader enterprise risk initiatives
• Provide expert guidance during third-party offboarding, ensuring risk is appropriately retired and that data retention, access, and continuity controls are validated
• Support external audits, internal investigations, and regulatory inquiries by preparing accurate and timely responses related to TPRM practices and control effectiveness while contributing to the enhancement of TPRM policies, playbooks, and metrics to continuously mature the program
What we're looking for
• 5+ years of experience in third-party risk management, information security, IT audit, or GRC, preferably within Gaming, Technology, or Consulting
• Deep understanding of security risk assessment frameworks and best practices (e.g., NIST, ISO 27001, SIG, CSA, etc.)
• Proficiency in GRC platforms such as Archer, OneTrust, ServiceNow, or similar tools, with the ability to lead data analysis and system improvements
• Demonstrated ability to identify and assess security, privacy, and operational risks with a practical and solutions-oriented mindset
• Excellent verbal and written communication skills, with the ability to influence and challenge stakeholders at all levels while maintaining constructive relationships
• Comfortable navigating ambiguity, leading through change, and managing complex or sensitive third-party issues
• Experience with regulatory requirements related to vendor management and data security is strongly preferred
• Comfortable working in a cross-functional environment and adapting to changing business and regulatory requirements

Note to Recruitment Agencies: Epic does not accept any unsolicited resumes or approaches from any unauthorized third party (including recruitment or placement agencies) (i.e., a third party with whom we do not have a negotiated and validly executed agreement). We will not pay any fees to any unauthorized third party. Further details on these matters can be found here.

Jobcode: Reference SBJ-k2oym0-216-73-216-177-42 in your application.