Myna Partners

Senior Third-Party Risk Management (TPRM) Analyst

⭐ - Featured Role | Apply direct with Data Freelance Hub
This role is a Senior Third-Party Risk Management (TPRM) Analyst, contract-to-hire, fully remote, with a pay rate of "TBD." Requires 5+ years in GRC, 3+ years in TPRM/ITRM, and expertise in OneTrust. Strong analytical and communication skills essential.
🌎 Country: United States
💱 Currency: $ USD
💰 Day rate: Unknown
🗓️ Date: May 21, 2026
🕒 Duration: Unknown
🏝️ Location: Remote
📄 Contract: Unknown
🔒 Security: Unknown
📍 Location detailed: United States
🧠 - Skills detailed
#Compliance #Scala #Documentation #Data Privacy #Visualization #Data Accuracy #Automation #PCI (Payment Card Industry) #Leadership #Data Ingestion #Security
Role description
TPRM Analyst - OneTrust Specialist
Role Type: Contract-to-Hire
Location: Fully Remote
Target Level: Senior / Lead

We are seeking a Senior Third-Party Risk Management (TPRM) Analyst with deep expertise in the OneTrust GRC, Vendor Risk Management (VRM), and IT Risk Management (ITRM) modules. This is not a "button-clicking" role; we operate in a high-volume, "Optimized" environment managing 1,500+ vendors. You will be responsible for leading the optimization, scaling, maturation, and end-to-end assessment lifecycle of our established OneTrust environment.

We operate on a "Reviewer-First" hybrid model. This model demands a dual-capability professional: a skilled "Reviewer" who performs deep, skeptical evidence analysis of IT controls, paired with an "Architect" who can configure, build, tune, and automate the GRC platform (OneTrust) used to run those assessments.

Core Responsibilities

1. Technical Risk Assessment & "The Reviewer Lens"
• Perform deep technical reviews of SOC2 Type 2 reports, PCI DSS Attestations (AOC/ROC), ISO 27001 certifications, HIPAA compliance documentation, and third-party penetration testing reports for vendors already onboarded into the system.
• Distinguish between a clean report and a "qualified opinion" with significant exceptions, critically evaluating the direct impact of those exceptions on our specific data footprint.
• Evaluate evidence skeptically to ensure that supporting documentation actually proves control effectiveness, falls within a valid timeframe, and fully covers the scope of the specific enterprise engagement.

2. OneTrust Architecture & Workflow Optimization
• Manage the OneTrust Third-Party Risk Management and Tech Risk and Compliance modules with advanced "Power User" logic, refining existing environments rather than just managing manual data entry.
• Re-engineer and tune the system's "if-then" rules, scoring logic, and risk assessment questionnaires to automate assessments efficiently at scale across 1,500+ vendors.
• Architect, modify, and streamline complex workflow rules to adapt to changing regulatory requirements, compliance inventories, and business needs.
• Configure and maintain Attribute Mapping logic to ensure assessments trigger appropriately based on the inherent risk data provided during the initial intake phase.
• Optimize Assessment Automation workflows to ensure a seamless, automated data handoff from the internal intake team platform to the risk team, aggressively eliminating process bottlenecks.
• Maintain strong ecosystem awareness, ensuring OneTrust interfaces seamlessly with the broader corporate IT and security ecosystem so that it remains scalable and aligned with enterprise goals.

3. End-to-End Risk Lifecycle Governance
• Drive accountability for Very High and High-Risk remediation by collaborating with internal stakeholders, coordinating with vendors, and keeping risk records current until remediation is fully resolved.
• Document every stage of the remediation and exception lifecycle within OneTrust to ensure a bulletproof, defensible audit trail.
• Negotiate remediation timelines with vendor security teams, balancing business urgency with security necessity, and make independent executive calls on the appropriateness of provided evidence and timelines.

4. Scale, Queue & Executive Dashboard Management
• Directly manage a high-volume assessment queue using self-designed Remediation Aging Reports and OneTrust-native dashboards to maintain complete operational visibility.
• Apply advanced prioritization logic to effectively balance critical vendor renewals against low-risk, high-priority stakeholder requests.
• Identify and eliminate redundant manual steps in the assessment workflow to maintain our "Optimized" program status.
• Utilize the OneTrust PowerBI Reporting Center and internal data schemas to design, configure, and maintain advanced visualizations that track vendor risk trends, performance, and remediation health.
• Translate internal GRC data into actionable executive insights, ensuring all risk posture visibility remains clear and digestible for leadership.

Required Qualifications
• Experience: 5+ years in GRC, with at least 3 years specifically focused on TPRM/ITRM scaling and maturation within a high-volume environment managing 1,000+ vendors.
• Practical Platform Expertise over Badges: While formal OneTrust certifications are a nice-to-have, we prioritize deep, practical, "hands-on-keyboard" experience modifying platform architectures, configuring data schemas, and fixing complex workflows over theoretical certifications.
• Multi-Framework Compliance Mastery: Expert-level knowledge mapping, operationalizing, and managing IT controls across diverse frameworks, specifically SOC2 Trust Services Criteria, NIST 800-53, ISO 27001, PCI-DSS 4.0, and HIPAA.
• Autonomous Executive Presence: Exceptional communication, presentation, and polished interpersonal skills. Proven track record of evolving a TPRM module with minimal oversight, alongside the capability to independently interface with, present to, and advise senior leadership and stakeholders.
• Analytical Mindset: Demonstrated ability to distill a lengthy technical SOC2 or testing report into 3 to 5 high-impact "Risk Summary" bullets tailored for CISO-level visibility.

Preferred Skills
• Advanced experience with OneTrust Custom Reporting and managing data ingestion from internal corporate intake platforms into the risk module.
• Deep understanding of data schemas within the OneTrust PowerBI Reporting Center to optimize custom dashboard performance and data accuracy.
• Professional background in the retail or e-commerce sectors, specifically dealing with third-party digital oversight, point-of-sale (POS) environments, and consumer data privacy standards.