The Cybersecurity Analyst will support Third-Party Risk Management and Vendor Risk Assessments, conduct risk assessments, monitor third-party risks, and maintain accurate documentation. The role involves creating reports, enhancing risk metrics, supporting audits, and participating in GRC activities.
Work with a Top 20 CPA and advisory firm that Accounts for Anything. Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe. By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.
Join Aprio's Business Operations IT team and you will help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Cybersecurity Analyst to join their dynamic team.
We are seeking a highly motivated GRC Analyst to support our Third-Party Risk Management (TPRM) and Vendor Risk Assessment program. This role is critical to ensuring that third-party risks are identified, assessed, monitored, and reported effectively across the organization. The ideal candidate brings hands-on experience with third-party assessments, strong analytical and reporting skills, and the ability to learn and adapt quickly in a dynamic environment. In addition to vendor risk responsibilities, the analyst will support other GRC activities as business needs evolve.
Position Responsibilities:
Third-Party & Vendor Risk Management
- Execute end-to-end third-party and vendor risk assessments, including inherent risk scoring, due diligence reviews, and residual risk evaluation
- Review and analyze third-party artifacts such as SOC reports, ISO certifications, policies, procedures, and security questionnaires
- Identify control gaps, document risk issues, and track remediation activities with vendors and internal stakeholders
- Support onboarding of new vendors and periodic reassessments of existing third parties
- Maintain accurate third-party risk documentation in GRC or vendor risk management tools
Reporting, Metrics & Executive Support
- Develop, maintain, and enhance risk metrics, dashboards, and reporting for third-party risk
- Track key performance indicators (KPIs) and key risk indicators (KRIs) related to vendor risk, assessment cycle times, remediation status, and risk trends
- Prepare materials for leadership and executive-level reporting, translating risk data into clear, actionable insights
- Support audits, regulatory exams, and internal reviews related to third-party risk management
Broader GRC Support
- Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives
- Support alignment with recognized frameworks and standards (e.g., NIST CSF, ISO 27001, SOC, FFIEC, or similar)
- Participate in continuous improvement of GRC processes, templates, and methodologies
- Collaborate with cross-functional teams including Security, IT, Legal, Procurement, Privacy, and Business Owners
Required Qualifications:
- 2+ years of experience in Third-Party Risk Management, Vendor Risk Assessments, or GRC-related roles
- Demonstrated experience conducting or supporting third-party risk assessments
- Strong understanding of information security and risk management concepts
- Proven ability to produce clear reporting, metrics, and dashboards
- Strong analytical, organizational, and documentation skills
- Ability to learn quickly, adapt to changing priorities, and manage multiple assessments simultaneously
- Effective written and verbal communication skills
Preferred Qualifications:
- Experience with GRC or TPRM tools (e.g., Archer, ServiceNow GRC, OneTrust, Riskonnect, or similar)
- Familiarity with regulatory and industry standards impacting third-party risk
- Experience supporting audits or regulatory examinations
- Relevant certifications (e.g., CISA, CRISC, CISSP, CTPRP, or similar)
The application window is anticipated to close on 6/5/26 and may be extended as needed.
Why work for Aprio:
Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.
Perks/Benefits we offer for full-time team members:
- Medical, Dental, and Vision Insurance on the first day of employment
- Flexible Spending Account and Dependent Care Account
- 401k with Profit Sharing
- 9+ holidays and discretionary time off structure
- Parental Leave – coverage for both primary and secondary caregivers
- Tuition Assistance Program and CPA support program with cash incentive upon completion
- Discretionary incentive compensation based on firm, group and individual performance
- Incentive compensation related to origination of new client sales
- Top rated wellness program
- Flexible working environment including remote and hybrid options
What’s in it for you:
- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.
- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience. We call it the Aprio Way. This shared mindset creates lasting relationships between team members and with clients.
- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.
- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.
- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.
- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.
EQUAL OPPORTUNITY EMPLOYER
Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information; citizenship status; military service obligations; or any other category protected by applicable federal, state, or local law.
Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.


