Job Description
Job Description
TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers compensation insurance.
TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If youre passionate about innovation and making an impact on the large SMB market, come join us as we power our clients business success with extraordinary HR.
Don't meet every single requirement Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single requirement. At TriNet, we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, we encourage you to apply anyways. You may just be the right candidate for this or other roles.
A highly skilled and experienced Lead Security Risk Analyst to join our team. In this role, you will be responsible for assessing and
managing the security risks associated with our organizations internal systems, cloud systems, third-party vendors and partners. You
will play a critical role in ensuring the security and integrity of our systems, data, and operations by conducting comprehensive risk
assessments and implementing effective risk mitigation strategies.
Essential Duties/Responsibilities
Conduct security risk assessments of identified issues and proposed system changes to evaluate their
security controls, practices, and overall risk posture.
Conduct thorough assessments of third-party vendors and partners to evaluate their security controls,
practices, and overall risk posture.
Identify and analyze potential security risks and vulnerabilities associated with third-party
relationships, considering factors such as data confidentiality, integrity, availability, compliance, and
business continuity.
Collaborate with cross-functional teams, including Legal, Procurement, IT, and Compliance, to
establish and enforce third-party risk management policies, procedures, and standards.
Develop and maintain a comprehensive inventory of all third-party relationships, including risk
profiles, assessment findings, and remediation plans.
Perform ongoing monitoring and due diligence of third-party vendors to ensure their adherence to
contractual obligations and security requirements.
Stay abreast of emerging security threats, industry best practices, and regulatory requirements related
to third-party risk management.
Advise and provide guidance to business units on the selection and engagement of third-party
vendors, ensuring adequate security controls are in place.
Collaborate with internal stakeholders to implement and improve processes and tools for efficient
third-party risk assessment and management.
Conduct periodic reviews and audits of third-party vendors to evaluate their ongoing compliance with
security requirements and contractual obligations.
Prepare and present comprehensive reports and recommendations to senior management, highlighting
key risks, vulnerabilities, and remediation strategies.
Education
JOB REQUIREMENTS AND QUALIFICATIONS
Bachelor's degree in Computer Science, Information Security, Risk Management, or a related field.
Training Requirements (licenses, Programs, Or Certificates)
Relevant certifications such as CISSP, CISA, CRISC, or equivalent is highly desirable.
Experience
8+ years of experience in performing security risk assessment, third-party risk management, vendor
risk assessment, or information security risk analysis, preferably in a senior or leadership role.
In-depth knowledge of security frameworks, standards, and regulations such as ISO 27001, NIST,
GDPR, CCPA, etc.
Strong understanding of information security principles, practices, and technologies, with a focus on
third-party risk management.
Demonstrated knowledge of relevant privacy and data protection regulations, as well as familiarity
with industry standards for security and risk management.
Experience in conducting risk assessments, vulnerability assessments, and penetration testing of
third-party systems and networks.
DocuSign Envelope ID: 2428CAFB-7AEF-45FE-ADF4-C2E929C3870E
BAP Req approval for global hiring in Greenhouse
Familiarity with security tools and technologies used for third-party risk management, such as GRC
platforms, ProcessUnity, vulnerability scanners, and risk assessment tools.
Experience with Vulnerability management, threat intelligence, fraud, physical security, cloud,
application security/SDLC or emerging tech is a plus.
Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks
effectively.
Other Knowledge, Skills And Abilities
Excellent written and verbal communication skills, interpersonal and collaborative skills.
An understanding of business needs and dedication to delivering high-quality, timely, and efficient
service to the business.
Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts,
effectively assessing the priority and time required to complete each part.
An ability to work on several tasks simultaneously and pay attention to sources of information from
inside and outside ones network within an organization.
An ability to effectively collaborate across multiple teams and ensure program needs are satisfied
through interpersonal and trusted communication.
WORK ENVIRONMENT/OTHER INFORMATION (Travel Required, Physical Requirements, On-call Schedules,
etc.)
Minimal travel required.
Work remotely with a high sense of personal accountability to complete assigned work.
The work environment characteristics described here are representative of those an employee
encounters while performing the essential functions of this job. Reasonable accommodations may be made
to enable individuals with disabilities to perform the essential functions.
Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity.
TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact [Confidential Information] to request such an accommodation.