Third Party Risk Analyst bei Wrench Group

Wrench Group is seeking an experienced Third-Party Risk Analyst to play a critical role in Wrench Group’s Data Governance, Privacy & Protection program. Reporting to the Director of Data Governance, Privacy & Protection, this role is responsible for assessing, monitoring, and mitigating risks associated with third-party vendors and partners. The Analyst will also guide contract lifecycle management activities, ensuring that vendor agreements align with company policies, regulatory requirements, and risk tolerance. This position requires strong cross-functional collaboration with Legal, Cybersecurity, IT, Finance, and business units to ensure third-party engagements are secure, compliant, and strategic.

Please note:  We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor visas needed now or in the future. 

Wrench Group is a national leader in home repair, replacement, and maintenance services specializing in heating, ventilation and air conditioning, plumbing, water, and electrical services. Our partner locations have developed strong reputations with brands that date back to the 1940s. At Wrench Group, we are a group of like-minded individuals focused on achieving the highest customer satisfaction possible through our strong network of technicians, sales, customer service, and support staff.  Our business model looks to partner with organizations that have great leadership and proven winning cultures. The focus is supporting businesses that already have a proven track record to help them accelerate growth and deliver customer thrill at every touchpoint. 

What's In It For Me?

• Competitive Compensation ($90,000-$105,000 based on YOE and professional skills background)
• Bonus Eligible position at 10% of Base Salary, Annually
• Health, Vision and Dental plans for you and your family to choose from
• 401K Retirement Plan: company will match 30% up to the first 6% of your
  contributed amount.
• Life Insurance, Short-Term and Long-Term Disability
• Special Program Options: FSA, EPA, Legal Services and Identity Theft
• Continuous Training for your Professional Development
• Working in a dynamic, collaborative, and fun environment
• Coached and supported career growth through Wrench University

What Will I Do?

• Collaborate with internal teams (Legal, Cybersecurity, IT, Operations, and business units) to ensure third-party relationships align with company policies, risk tolerance, and regulatory requirements.
• Participate in the development and governance of the Third Party Risk Management (TPRM) framework, including policies, procedures, and controls.
• Conduct due diligence and risk assessments on new and existing vendors, covering security, privacy, operational, and compliance aspects.
• Develop and maintain third-party risk assessment schedules, reporting, and vendor lifecycle documentation.
• Monitor vendor performance, compliance, and trigger re-assessments based on risk levels or significant changes.
• Support audits, internal reviews, and regulatory exams by providing third-party risk documentation and reporting.
• Track and escalate third-party risk issues and mitigation plans to ensure timely resolution.
• Maintain awareness of emerging third-party risks and evolving regulatory requirements that may impact the organization.
• Support review, negotiation, and management of third-party contracts (e.g., DPAs, MSAs, SOWs) in collaboration with Legal and cross-functional teams.
• Evaluate vendor contracts for risk clauses, SLAs, and compliance requirements; track contract terms and renewal dates using contract management processes.

Do I Have What it Takes?

• Bachelor’s degree in Business, Finance, IT, Legal Studies, or a related field.
• 2–4 years of experience in third-party risk management, contract management, compliance, cybersecurity or data privacy.
• Working knowledge of MS Excel and SharePoint; familiarity with risk assessment tools a plus
• Ability to create and analyze metrics to identify trends, gaps and issues;
• Above-average written, verbal, and interpersonal skills; and effective interpersonal skills
• Familiarity with contract lifecycle management tools and processes as well as contract negotiations
• Is passionate about learning and is interested in cybersecurity, data protection, data governance, and privacy;
• Knowledge of data governance, and experience learning other business areas data handling processes a strong plus;
• Ability to critically think, analyze and solve problems, including experience translating concepts and requirements into tangible business solutions;
• Interest in attaining a cybersecurity security certification (Security+, CISA) or a privacy certification (CIPP/CIPT) or a plus, but not required.
• Ability to work independently and in a collaborative team environment.
• Awareness of legal and regulatory requirements (e.g., CCPA, CPRA) and security frameworks (CIS 20, NIST).