Zenefits

TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance. 

TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR. 

Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single requirement. At TriNet, we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, we encourage you to apply anyways. You may just be the right candidate for this or other roles.

A highly skilled and experienced Lead Security Risk Analyst to join our team. In this role, you will be responsible for assessing and 

managing the security risks associated with our organization’s internal systems, cloud systems, third-party vendors and partners. You 

will play a critical role in ensuring the security and integrity of our systems, data, and operations by conducting comprehensive risk 

assessments and implementing effective risk mitigation strategies.

ESSENTIAL DUTIES/RESPONSIBILITIES

• Conduct security risk assessments of identified issues and proposed system changes to evaluate their 

security controls, practices, and overall risk posture.

• Conduct thorough assessments of third-party vendors and partners to evaluate their security controls, 

practices, and overall risk posture.

• Identify and analyze potential security risks and vulnerabilities associated with third-party 

relationships, considering factors such as data confidentiality, integrity, availability, compliance, and 

business continuity.

• Collaborate with cross-functional teams, including Legal, Procurement, IT, and Compliance, to 

establish and enforce third-party risk management policies, procedures, and standards.

• Develop and maintain a comprehensive inventory of all third-party relationships, including risk 

profiles, assessment findings, and remediation plans.

• Perform ongoing monitoring and due diligence of third-party vendors to ensure their adherence to 

contractual obligations and security requirements.

• Stay abreast of emerging security threats, industry best practices, and regulatory requirements related 

to third-party risk management.

• Advise and provide guidance to business units on the selection and engagement of third-party 

vendors, ensuring adequate security controls are in place.

• Collaborate with internal stakeholders to implement and improve processes and tools for efficient 

third-party risk assessment and management.

• Conduct periodic reviews and audits of third-party vendors to evaluate their ongoing compliance with 

security requirements and contractual obligations.

• Prepare and present comprehensive reports and recommendations to senior management, highlighting 

key risks, vulnerabilities, and remediation strategies. 

JOB REQUIREMENTS AND QUALIFICATIONS

Education:

• Bachelor's degree in Computer Science, Information Security, Risk Management, or a related field.

Training Requirements (licenses, programs, or certificates):

• Relevant certifications such as CISSP, CISA, CRISC, or equivalent is highly desirable.

Experience:

• 8+ years of experience in performing security risk assessment, third-party risk management, vendor 

risk assessment, or information security risk analysis, preferably in a senior or leadership role.

• In-depth knowledge of security frameworks, standards, and regulations such as ISO 27001, NIST, 

GDPR, CCPA, etc.

• Strong understanding of information security principles, practices, and technologies, with a focus on 

third-party risk management.

• Demonstrated knowledge of relevant privacy and data protection regulations, as well as familiarity 

with industry standards for security and risk management.

• Experience in conducting risk assessments, vulnerability assessments, and penetration testing of 

third-party systems and networks.

DocuSign Envelope ID: 2428CAFB-7AEF-45FE-ADF4-C2E929C3870E

BAP Req approval for global hiring in Greenhouse

• Familiarity with security tools and technologies used for third-party risk management, such as GRC 

platforms, ProcessUnity, vulnerability scanners, and risk assessment tools.

• Experience with Vulnerability management, threat intelligence, fraud, physical security, cloud, 

application security/SDLC or emerging tech is a plus.

• Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks 

effectively.

Other Knowledge, Skills and Abilities:

• Excellent written and verbal communication skills, interpersonal and collaborative skills. 
• An understanding of business needs and dedication to delivering high-quality, timely, and efficient 

service to the business.

• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, 

effectively assessing the priority and time required to complete each part.

• An ability to work on several tasks simultaneously and pay attention to sources of information from 

inside and outside one’s network within an organization.

• An ability to effectively collaborate across multiple teams and ensure program needs are satisfied 

through interpersonal and trusted communication.

WORK ENVIRONMENT/OTHER INFORMATION (Travel required, physical requirements, on-call schedules, 

etc.)

• Minimal travel required.
• Work remotely with a high sense of personal accountability to complete assigned work.
• The work environment characteristics described here are representative of those an employee 

encounters while performing the essential functions of this job. Reasonable accommodations may be made 

to enable individuals with disabilities to perform the essential functions.

Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity. 

TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact recruiting@trinet.com to request such an accommodation. 

Read Full Description