Elsevier

3rd Party Risk Analyst

🇺🇸 Philadelphia, PA

🕑 Full-Time

💰 TBD

💻 Cybersecurity

🗓️ July 2nd, 2025

CISM CISSP ISO 27001

Edtech.com's Summary

Elsevier is hiring a 3rd Party Risk Analyst. The role involves analyzing third-party risks, managing vendor security reviews, and improving continuous monitoring to reduce risk exposure within the enterprise security program. The analyst supports operational activities and advances the maturity of the Third Party Risk Management program under the Governance, Risk & Compliance team.

Highlights
  • Perform end-to-end third-party vendor risk assessments, including intake, validation, tiering, findings analysis, and off-boarding.
  • Monitor vendor alerts using continuous monitoring tools like SafeOne, and coordinate remediation efforts with stakeholders.
  • Lead updates to vendor questionnaires, tiering logic, and intake processes to enhance the TPRM program.
  • Maintain accurate vendor offboarding and inventory reconciliation with procurement.
  • Document vendor onboarding workflows and streamline processes to reduce redundancy.
  • Serve as liaison among internal Elsevier/RELX teams, external vendors, and Elsevier customers.
  • Track and report on third-party lifecycle KPIs, KRIs, reassessments, and remediation.
  • Apply Elsevier Risk Management policies to conduct risk identification, evaluation, and monitoring activities.
  • Required skills include experience with FAIR Framework, cybersecurity, vendor risk management, and GRC platforms such as SafeOne, OneTrust, AuditBoard.
  • Knowledge of ISO 27001, SOC2, NIST CSF, SIG frameworks, vulnerability management, and automation workflows; certifications like CISSP, CISM, CRISC, or OpenFAIR are preferred.

3rd Party Risk Analyst Full Description

3rd Party Risk Analyst
Philadelphia, PA
Alpharetta, GA
Full time

Third Party Risk Analyst 
Are you passionate about identifying and managing third-party risks that could impact business continuity, security, or compliance?

About the role: The 3rd Party Risk Analyst will analyze risks and help operate the enterprise security program, including vendor risk management. This role supports Elsevier’s Information Security and Data Protection (ISDP) program under the Governance, Risk & Compliance (GRC) team. This position is responsible for conducting and maturing vendor security reviews, improving continuous monitoring processes, conducting cyber risk quantification as necessary, and reducing third-party risk exposure. This role supports both operational activities and programmatic improvements aimed at elevating the TPRM program maturity.

About the team: This team is looking to double in size. Our corporate GRC team (part of the Technology Information Security & Data Protection organization) focuses on ensuring information security standards and regulatory compliance across the enterprise.

Requirements
  • Familiar with the Factor Analysis of Information Risk (FAIR) Framework
  • Possess current experience in cybersecurity, with at least 3 years in third-party/vendor risk management.
  • Proficiency with GRC platforms (e.g., SafeOne, OneTrust, AuditBoard).
  • Understanding of ISO 27001, SOC2, NIST CSF, SIG, and third-party risk assessment frameworks.
  • Ability to respond to security artifacts, questionnaires, and monitoring data.
  • Experience with leading or owning key aspects of a TPRM program in a distributed enterprise environment.
  • Knowledge of vulnerability management, security tiering, and risk remediation.
  • Familiarity with automation workflows and data quality governance.
  • CISSP, CISM, CRISC, OpenFAIR or related certification.

Responsibilities
  • Vendor Risk Assessments: Performing end-to-end third-party reviews including intake, documentation validation, tier assignment, findings analysis, follow-up communications, and vendor off-boarding.
  • Monitoring & Remediation: Reviewing and prioritizing vendor alerts from continuous monitoring tools (e.g., SafeOne). Coordinating with applicable stakeholders and business owners to assign, track, and close remediation actions.
  • Program Improvement: Leading efforts in updating vendor questionnaires, enhancing tiering logic, and consolidating intake processes across platforms, including impact analysis worksheets, Zip and OneTrust.
  • Offboarding & Inventory Accuracy: Conducting offboarding verification and data reconciliation with procurement to ensure expired vendors are properly offboarded and archived.
  • Process Documentation: Mapping vendor onboarding workflows and maintaining documentation to support a unified entry point and reduce redundancy.
  • Stakeholder Support: Acting as a key liaison with all stakeholders, including internal Elsevier and RELX teams, external vendors, and Elsevier customers, as required.
  • Reporting & Metrics: Maintaining and reporting on status of third-party lifecycle KPIs, KRIs, reassessment tracking, and findings resolution activities.
  • Additional Risk Management Activities: Leveraging the Elsevier Risk Management policy, processes, standards and procedures to conduct risk-related activities including risk identification, analysis, evaluation, monitoring, and reporting, as required.

Elsevier employs 9,500 people worldwide, including over 2,500 technologists. We have supported the work of our research and health partners for more than 140 years. Growing from our roots in publishing, we offer knowledge and valuable analytics that help our users make breakthroughs and drive societal progress. Elsevier is part of RELX, a global provider of information-based analytics and decision tools for professional and business customers.

Working for you
We know that your wellbeing and happiness are key to a long and successful career. 

These are some of the benefits we are delighted to offer:
- Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits
- Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan
- Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs
- Short- and Long-Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity
- Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits
- Health Savings, Health Care, Dependent Care and Commuter Spending Accounts
- Up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice
-----------------------------------------------------------------------
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.

Please read our Candidate Privacy Policy.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.

USA Job Seekers: