1

Third Party Cybersecurity Risk Jobs (NOW HIRING)

Third-Party Risk Consultant

Boston, MA · On-site

$86K - $113K/yr

Bachelor's degree, preferably in technology, cybersecurity, risk management, or business-related field * 3+ years of experience in third-party risk management, technology risk, cybersecurity, audit ...

New

Bachelor's degree, preferably in technology, cybersecurity, risk management, or business-related field * 3+ years of experience in third-party risk management, technology risk, cybersecurity, audit ...

New

Third-Party Risk Analyst

Mclean, VA · On-site

$45 - $47/hr

Monitor and document third-party risk and cybersecurity trends. Documentation & Communications * Create professional communications including: * Procedures and guidance * Job aids * PowerPoint ...

next page

Showing results 1-20

Third Party Cybersecurity Risk information

See salary details

$43K

$99.4K

$150K

How much do third party cybersecurity risk jobs pay per year?

As of Jul 16, 2026, the average yearly pay for third party cybersecurity risk in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

How much does a third party risk analyst make?

A third party risk analyst typically earns between $70,000 and $110,000 annually, depending on experience, location, and industry. Professionals in cybersecurity risk management often hold certifications like CISSP or CRISC, which can influence salary levels.

Is third party risk management a good career?

Third Party Cybersecurity Risk management is a growing field that involves assessing and mitigating risks from external vendors and partners. It requires knowledge of cybersecurity principles, risk assessment tools, and often certifications like CISSP or CISM. The role offers opportunities in various industries with increasing demand due to the importance of supply chain security.

What is third-party risk management in cybersecurity?

Third-party risk management in cybersecurity involves identifying, assessing, and mitigating risks posed by external vendors, suppliers, or partners that have access to an organization’s systems or data. For cybersecurity professionals, this includes evaluating third-party security controls, conducting audits, and ensuring compliance with standards like ISO 27001 or NIST frameworks to reduce potential vulnerabilities. Effective management helps prevent data breaches and maintains the organization’s security posture.

What is the difference between Third Party Cybersecurity Risk vs Cybersecurity Analyst?

AspectThird Party Cybersecurity RiskCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACISSP, CompTIA Security+, CEH
Work EnvironmentVendor assessments, risk management teams, client organizationsSecurity operations centers, IT departments, consulting firms
Industry UsageSupply chain, vendor management, complianceNetwork security, incident response, vulnerability assessment

Third Party Cybersecurity Risk professionals focus on evaluating and managing risks from external vendors and partners, ensuring compliance and reducing supply chain vulnerabilities. Cybersecurity Analysts primarily monitor, analyze, and respond to security threats within an organization’s own systems. While both roles require security certifications and involve risk assessment, their focus areas and work environments differ significantly.

Can you make $500,000 a year in cyber security?

Third Party Cybersecurity Risk professionals can potentially earn $500,000 annually, especially at senior levels or in executive roles such as Chief Information Security Officer (CISO). Achieving this salary typically requires extensive experience, advanced certifications like CISSP or CISM, and leadership responsibilities overseeing large security programs. Compensation varies based on industry, company size, location, and individual expertise.
More about Third Party Cybersecurity Risk jobs
What cities are hiring for Third Party Cybersecurity Risk jobs? Cities with the most Third Party Cybersecurity Risk job openings:
What states have the most Third Party Cybersecurity Risk jobs? States with the most job openings for Third Party Cybersecurity Risk jobs include:
Infographic showing various Third Party Cybersecurity Risk job openings in the United States as of July 2026, with employment types broken down into 92% Full Time, 5% Part Time, and 3% Contract. Highlights an 79% Physical, 5% Hybrid, and 16% Remote job distribution, with an average salary of $99,400 per year, or $47.8 per hour.

Information Security Specialist (Cyber security analysis)

AditiStaffing

Bellevue, WA

Contractor

Re-posted 18 days ago


Job description

Job Description

Job Title: "Information Security Specialist" (Cyber security analysis)

Location: Bellevue WA

Duration: 9+ Months (with high possibility of extending into full time)


Job Description:

This position is in Corporate Information Security and under the direction of the Manager, Third-Party Cybersecurity Assessments. The Cybersecurity Assessment Analyst will perform cybersecurity assessments on new and existing third parties. The Analyst will construct detailed and summary reports of assessments, including customized reports, as needed. The Analyst will work with Subject Matter Experts (SME) to develop and apply risk assessment criteria (aligned with Policy) to new and existing suppliers using internal and external business intelligence. The Analyst will work with Third-Party Risk Management, Privacy and Legal Counsel, Procurement and Contract Managers, Compliance, and Business Owners to develop and maintain an internal service model that informs the business of key risks in a timely manner to limit unnecessary impediments and avoid bureaucracy.

Specific responsibilities:

- Coordinate the development of  information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Ensure that company policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to the user community

- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and vendors

- Serve as the company compliance officer with respect to state and federal information security policies and regulations. Work with the -designated internal audit, SOX compliance, legal, and HR on compliance issues as necessary. Prepare and submit and submit required reports to external agencies.

- Develop and implement an Incident Reporting and Response System to address  security incidents (breaches), respond to alleged policy violations, or complaints from external parties.

- Serve as the official company contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.

- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.

Required Qualifications:

Talent management, results focus and inspirational leadership.

Essential Functions

Conduct third-party cybersecurity risk assessments, applying established criteria

Support assessment team with quality assurance reviews over work product and reporting

Collaborate with internal partners and third parties to mitigate and otherwise resolve third-party cyber risks

Consistently deliver on commitments, deadlines and objectives while remaining in scope and leveraging appropriate tools, methods, frameworks, and professional standards

Demonstrate consistent credibility with business partners and leadership while recommending initiatives, identifying gaps, and potential issues

Continuously demonstrate the ability to work independently while representing the services of the department with the highest level of professionalism

Demonstrate the ability to appropriately influence business decisions, and the professional judgment for selecting the appropriate methods and techniques to do so

Preferred Qualifications:

Solid background both educationally and via professional experience. No less than 3 years' professional experience in business operations, project/program management, finance, risk management, information security, business analytics or similar.

Experience in large companies and/or complex environments, or providing professional consulting services for them.

Demonstrated abilities in problem-solving and analysis: identifies issues, analyses information to assess root cause and relationships, risks, and potential risk responses. Proven ability to synthesize and summarize complex data into concise recommendations and reports.

Demonstrated strong business writing and professional oral communication skills.

Proven ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a fast-paced environment-with only periodic supervision.

Ability to work collaboratively and manage and initiate effective cross-functional relationships.

Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses.

Desired

Analytical - Synthesizes complex or diverse information; Collects and researches data; employs intuition and experience to complement data; Designs work flows and procedures.

Quality Management - Looks for ways to improve and promote quality; Demonstrates accuracy and thoroughness. Applies feedback to improve performance; Monitors own work to ensure quality

Planning/Organizing - Prioritizes and plans work activities to achieve success; Sets and achieves goals and objectives; Develops realistic action plans

Professionalism - Reacts well under pressure; Keeps commitments; Accepts responsibility for own actions.

Career Growth: Focus on cyber security auditing with potential advancement goals in engineering or threat analysis roles

Self-directed team player with Agile environment experience

Education

Minimum Required

Bachelor's Degree

Equivalent experience is acceptable.

License or Certification

Desired: (one of the following):

CISA (Certified Information Systems Auditor)

GSEC (GIAC Security Essentials Certification)

CompTIA - Security+

ECSA - EC-Council Certified Security Analyst

SSCP (Systems Security Certified Practitioner)

Other:

Six Sigma, PMP or Agile certificates

Other comments - suppliers:

Organizational skills; office suite knowledge; and good communication skills are "must haves". Cyber security analysis experience is preferred.

Additional Information

All your information will be kept confidential according to EEO guidelines.