Simpson Thacher & Bartlett LLP

Senior Analyst, Third-Party Security

Posted 4/22/2026 • Full-time • New York City • New York • 🇺🇸 United States • Senior • 💰 $160,000 - $190,000 per year

Tech Stack

Tools & technologies
  • AWS
  • Azure
  • Cloud
  • Cyber Security
  • Google Cloud Platform

About the role

Key responsibilities & impact
  • Conduct information security due diligence, including secure-by-design reviews, during vendor onboarding, at renewal, and in periodic review cycles.
  • Apply a risk-based approach to third-party security assessments, including documenting compensating controls and risk acceptances where appropriate.
  • Evaluate third-party architectures, including network connectivity (VPN, reverse proxy), data flows, encryption models, and access controls.
  • Assess risks related to cloud environments (AWS/Azure/GCP), SaaS platforms, and API integrations.
  • Analyze external risk intelligence sources (e.g., BitSight, SecurityScorecard) and correlate with internal findings.
  • Review and challenge secure design, identity/access models (SSO, OAuth, SCIM), and data protection mechanisms.
  • Enhance and maintain a comprehensive vendor inventory, including vendor profiling and inherent risk determination.
  • Enhance and maintain a third-party risk register and track mitigation efforts for identified security risks.
  • Develop and implement strategies to mitigate identified risks, working closely with third parties and internal stakeholders to address security gaps.
  • Support a continuous monitoring program to assess third-party security posture and follow up on identified vulnerabilities and security risks.
  • Partner with general counsel and vendor management to incorporate information security requirements into third-party contracts.
  • Work with internal security teams to investigate and respond to third-party related security incidents.
  • Support and enhance escalation procedures and remediation requirements related to third-party security breaches.
  • Prepare and present third-party risk metrics, dashboards, trends, and highlighted risks to senior management and IT leadership.
  • Contribute to the continuous improvement and scalability of the Firm’s third-party security risk management program.
  • Partner with the Third Party Security Senior Manager to build and enhance strategic objectives of the program.

Requirements

What you’ll need
  • Bachelor’s degree or related experience required
  • 10+ years of progressive experience in information security, third-party risk management, IT risk, or cybersecurity assurance, with at least 3 years focused on third party risk management.
  • Strong understanding of information security controls and frameworks (ISO 27001/27002, NIST CSF, CIS Controls, etc.)
  • Proficient understanding of third-party security domains, including data protection, access controls, incident response and cloud security.
  • Proven ability to perform third-party security risk assessments by reviewing security questionnaires, audit reports, policies and penetration test results to identify control gaps, formulate follow-up inquiries, and document remediation requirements.
  • Deep knowledge of technology supplier ecosystems (software, cloud, IT labor, and infrastructure) and associated risk dynamics.
  • Experience producing clear risk summaries, remediation recommendations, and executive-level reporting.
  • Familiarity with information security and data protection requirements in third-party contracts.
  • Excellent communication skills: clear, structured, and persuasive with the ability to educate and inspire teams around risk and performance ownership.
  • Proven ability to influence stakeholders without direct authority.
  • Ability to work independently and collaboratively in a team environment
  • Demonstrated ability to handle sensitive and/or confidential material and information with suitable discretion.

About the company

Simpson Thacher & Bartlett LLP is a leading global law firm providing a wide range of legal services to businesses and institutions. The firm specializes in areas such as litigation, banking and credit, capital markets, mergers and acquisitions, real estate, private funds, and more. With a history of over 140 years, it serves clients from its offices in major cities around the world, including New York, London, Tokyo, and São Paulo. Simpson Thacher is known for its work in financial services, private equity, and infrastructure, advising clients on major transactions and regulatory matters.

1001 - 5000 employees • Founded 1884 • 💸 Finance • 🏠 Real Estate • 📋 Compliance
🏢🏡 New York City – Hybrid • 🦅 H1B Visa Sponsor
