Third Party Risk Management Analyst

Job Description

About the Role

The New York Times is looking for an enthusiastic professional to join the Governance, Risk and Compliance team as a Risk Management Analyst, focusing predominantly on Third Party Risk Management (TPRM).

The Governance, Risk & Compliance team is responsible for the Risk Governance, Risk Frameworks and Risk Issue Management related to systems, infrastructure, processes and third parties. In addition, the team manages global Policy Governance, Compliance monitoring and reporting, PCI Compliance, and system administration of our Integrated Risk Management solution. The team works across the company and in particular with Technology, Legal, Finance, Human Resources, and Data Governance.

The Analyst will function as a risk assessor with a focus on identifying gaps in technology and data processes, controls and security for our third parties. You will be the main contact for the TPRM process, tracking risks and remediation in our Integrated Risk Management solution, managing the relationships with Third Party Business Relationship Owners and reporting key metrics to senior management. In addition, you will work with stakeholders to reach agreement in order to recommend and/or design new controls to support technology security and data protection.

  • Responsible for third party risk assessments: assessing controls, processes and/or systems to identify the threats and vulnerabilities that lead to a risk
  • Analyze system and data gaps to identify and report impact and likelihood to the business via qualitative and quantitative metrics
  • Conduct root cause analysis of problems and apply business knowledge and practical experience to recommend/implement controls and enhancements
  • Ensure processes are fully met in line with company guidelines, policies and standards; and support compliance reviews, testing and audits
  • Work with cross functional teams and partners across the organization to address support and project activities
  • Support build out of TPRM process within Integrated Risk Management solution
  • Maintain working knowledge of security and compliance technology trends and best practices

As a Risk Analyst, you should:
  • Be highly organized and detail-oriented, with strong analytical problem solving skills
  • Be able to handle multiple tasks in a fast-paced, deadline-driven environment, while working both independently and as part of a team.
  • Display excellent verbal and written communication and interpersonal skills.

  • 3+ years in Governance, Risk & Compliance, audit or the field of cybersecurity
  • 2+ years experience in:
    • Conducting Third Party Risk Assessments
    • Working understanding of the NIST Cybersecurity Framework

Preferred Qualifications:
  • Current industry knowledge in the fields of risk management and technology.
  • Experience with industry standard third party risk assessments including the SIG, TrueSight, etc.
  • Experience with PCI DSS


The New York Times is committed to a diverse and inclusive workforce, one that reflects the varied global community we serve. Our journalism and the products we build in the service of that journalism greatly benefit from a range of perspectives, which can only come from diversity of all types, across our ranks, at all levels of the organization. Achieving true diversity and inclusion is the right thing to do. It is also the smart thing for our business. So we strongly encourage women, veterans, people with disabilities, people of color and gender nonconforming candidates to apply.

The New York Times Company is an Equal Opportunity Employer and does not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The New York Times Company will consider qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local "Fair Chance" laws.