Third-Party Risk Management (TPRM) Analyst

Third-Party Risk Management (TPRM) Analyst

Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms. We are seeking a Third-Party Risk Management Analyst to join our Governance, Risk, and Compliance (GRC) team supporting a defense and aerospace organization. In this role, you will be responsible for evaluating, managing, and mitigating risks associated with third-party vendors, suppliers, and service providers. You will work closely with the Business Units, Procurement, Security, Legal, IT, Supply Chain, and Compliance teams to ensure our third parties comply with NIST SP 800-171, DFARS 252.204-7012, CMMC, and ITAR / EAR obligations and meet contractual requirements.

This position is ideal for a professional with 35 years of experience in third-party risk management, vendor due diligence, or related cybersecurity compliance functions who thrives in a dynamic, mission-driven environment. This role contributes directly to safeguarding sensitive defense data, maintaining compliance across the third-party ecosystem, and strengthening supply chain resilience.

Responsibilities

• Conduct inherent and residual risk assessments of third parties based on data classification, service criticality, geographic exposure, and regulatory obligations.
• Perform due diligence reviews, including security and compliance questionnaires, evidence validation, and documentation of control effectiveness.
• Partner with Business Units, Procurement, Legal, Information Security, and Compliance to ensure timely onboarding, risk evaluation, and remediation tracking to closure and follow-up validation.
• Support continuous monitoring activities, including periodic risk assessments, sanctions screening, and adverse-media reviews across the vendor lifecycle.
• Monitor and analyze third-party performance, incidents, and risk indicators to identify emerging risk and trends.
• Collaborate with cross-functional teams to ensure adherence to defense-specific standards and regulatory frameworks (e.g., NIST SP 800-171, DFARS, CMMC, ITAR).
• Support the design and enhancement of TPRM workflows, including process automation and data-driven risk analytics.
• Assist in developing and maintaining the third-party inventory, ensuring all vendor profiles, tier classifications, and risk ratings are accurately captured, continuously updated, and aligned with program governance requirements.
• Create and maintain executive dashboards and risk reports summarizing vendor posture, risk trends, and remediation progress for leadership.
• Assist in regulatory, customer, and internal audits, ensuring third-party documentation and evidence meet defense-sector and compliance requirements.

Required Qualifications

Preferred Qualifications

Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.