Sr. Analyst, Third Party Risk Management

At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet. That’s why we need smart, committed people to join us. Whether you’re looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain.

We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics. We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways. 

Are you curious about being part of our growth stor​y while evolving your skills in a culture that will welcome your unique contributions? If so, let's start the conversation.

Third Party Risk Management, Senior Analyst Job Description
Reports to: Manager, Third Party Risk Management
# of direct reports: 0

Job Summary: The role exists in the Information Security Department and reports to the Manager of Third Party Risk Management.  The company’s Third Party Risk Management Program is responsible for providing Iron Mountain's Business Relationship Owners, Employees, and Senior Management with the tools and insight to successfully manage and understand the company’s Third Party Risk exposure. Members of the Third Party Risk team are primarily responsible for the review and assessment of risk mitigating controls of the new and existing suppliers utilized across the firm, as well as for utilizing the tools and processes necessary to appropriately communicate concerns to the business stakeholders.  The position partners with various areas including Procurement, Supplier Relationship Management, Privacy & Compliance, Information Security, Disaster Recovery, Business Continuity and Third Party relationships globally.

Key Responsibilities: 

• Report directly to the Manager of Third Party Risk Management for all things concerning the Third Party Risk Program, maintenance and administration
• Liaise with internal Subject Matter Experts (SMEs) and assessors (reviewers) of external assessment and documentation 
• Assess the control practices and posture of new and existing Third Parties for Iron Mountain (global) 
• Publish news, M&A briefing and track all alerts regarding Third Party relationships in regards to Iron Mountain Critical and High Risk Vendors (utilizing industry standard, real time monitoring tools)
• Support the production of monthly metrics and executive dashboards 
• Translate the results of assessment analysis and findings into business consumable format and deliver those results to business, procurement, legal and other teams to guide risk-based decisions
• Support the evolution and continuous improvement of Third Party Risk Assessment processes, including the development and maintenance of procedures, artifacts, and metrics to be used in the assessment of potential and existing third parties 
• Analyze, design and implement business processes and requirements to ensure compliance with all applicable Iron Mountain policies and procedures
• Support internal and external program audits by providing program overviews and supporting evidence as requested

Minimum Education: 4 Year College Degree 
Minimum Experience: 3-5 years experience in: risk management, procurement, information security,  and/or utilizing large data sets

Preferred Skills:

• Ability to communicate risk management topics/ideas to varied business stakeholders
• Foundational understanding of security and risk management controls and practices
• Strong analytical, mathematical, problem solving mindset
• Ability to analyze data, generate reports and executive dashboards
• Familiarity with Shared Assessments SIG (Standard Information Gathering) toolkits
• Knowledge of the Google Suite 
• Attention to detail
• Ability to learn multiple applications and software