Third-Party Risk Management (TPRM) Analyst
Saronic
Austin, United States
October 24, 2025
Apply NowThird-Party Risk Management (TPRM) Analyst
Austin, Texas
Cybersecurity /
Full Time /
On-site
Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.
We are seeking a Third-Party Risk Management Analyst to join our Governance, Risk, and Compliance (GRC) team supporting a defense and aerospace organization. In this role, you will be responsible for evaluating, managing, and mitigating risks associated with third-party vendors, suppliers, and service providers. You will work closely with the Business Units, Procurement, Security, Legal, IT, Supply Chain, and Compliance teams to ensure our third parties comply withNIST SP 800-171, DFARS , CMMC, and ITAR/EAR obligationsand meet contractual requirements.
This position is ideal for a professional with 3–5 years of experience in third-party risk management, vendor due diligence, or related cybersecurity compliance functions who thrives in a dynamic, mission-driven role contributes directly to safeguarding sensitive defense data, maintaining compliance across the third-party ecosystem, and strengthening supply chain resilience.
Responsibilities
- Conduct inherent and residual risk assessments of third parties based on data classification, service criticality, geographic exposure, and regulatory obligations.
- Perform due diligence reviews, including security and compliance questionnaires, evidence validation, and documentation of control effectiveness.
- Partner with Business Units, Procurement, Legal, Information Security, and Compliance to ensure timely onboarding, risk evaluation, and remediation tracking to closure and follow-up validation.
- Support continuous monitoring activities, including periodic risk assessments, sanctions screening, and adverse-media reviews across the vendor lifecycle.
- Monitor and analyze third-party performance, incidents, and risk indicators to identify emerging risk and trends.
- Collaborate with cross-functional teams to ensure adherence to defense-specific standards and regulatory frameworks (e.g., NIST SP 800-171, DFARS, CMMC, ITAR).
- Support the design and enhancement of TPRM workflows, including process automation and data-driven risk analytics.
- Assist in developing and maintaining the third-party inventory, ensuring all vendor profiles, tier classifications, and risk ratings are accurately captured, continuously updated, and aligned with program governance requirements.
- Create and maintainexecutive dashboards and risk reports summarizing vendor posture, risk trends, and remediation progress for leadership.
- Assist in regulatory, customer, and internal audits, ensuring third-party documentation and evidence meetdefense-sector and compliance requirements.
Required Qualifications
- Bachelor’s degree in business administration, risk management, information security, cybersecurity, or related discipline (or equivalent work experience).
- 3–5 years of hands-on experience in third-party risk management, supply chain risk management (SCRM), cybersecurity governance, or compliance.
- Working knowledge of defense and federal regulatory frameworks, including NIST SP 800-171, DFARS , CMMC Levels 1–2, ITAR/EAR, ISO 27001, and SOC 2.
- Demonstrated experience performing vendor risk assessments, evaluating due diligence evidence, documenting findings, and tracking remediation through closure.
- Solid understanding of information security principles, data protection requirements, and control frameworks relevant to defense supply chains.
- Proven project management and coordination skills, with the ability to manage multiple concurrent assessments in a deadline-driven environment.
- Strong written and verbal communication skills, including the ability to translate technical risks into business-level insights and recommendations for leadership.
- Proficient in Microsoft 365, Excel-based risk scoring models, and GRC/TPRM platforms (e.g., ServiceNow, Archer, ProcessUnity, OneTrust).
- Strong analytical and critical-thinking skills, with the ability to identify and assess emerging risks proactively.
- Excellent interpersonal and communication skills, with the ability to collaborate effectively across business units, technical teams, and leadership levels.
- High attention to detail with strong organizational and time-management abilities.
- Proven ability to prioritize tasks and manage competing deadlines in a fast-paced, mission-critical environment.
- Strong sense of ethics, confidentiality, and commitment to national security compliance.
Preferred Qualifications
- Experience working in or supporting defenseor government contracting environments.
- Familiarity with SCRM (supply chain risk management) principles and continuous monitoring practices.
- Experience with vendor lifecycle management and related legal and contract management processes.
- Prior experience supporting vendor risk program audits or readiness reviews.
- Understanding of export compliance and U.S. Person verification requirements under ITAR/EAR.
- Relevant professional certification(s) such as CTPRP (), CRVPM, CTPRA (), C3PRMP (), CRISC (Certified in Risk and Information Systems Control), or CCP (CMMC Certified Professional).
Benefits:
Medical Insurance: Comprehensive health insurance plans covering a range of services
Saronic pays 100% of the premium for employees and 80% for dependents
Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
Saronic pays 99% of the premium for employees and 80% for dependents
Time Off: Generous PTO and Holidays
Parental Leave: Paid maternity and paternity leave to support new parents
Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
Retirement Plan: 401(k) plan
Stock Options: Equity options to give employees a stake in the company’s success
Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office
This role requires access to export-controlled information or items that require “U.S. Person” status. As defined by U.S. law, individuals who are any one of the following are considered to be a “U.S. Person”: (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in .
Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.