EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.
We are seeking a dedicated Third‑Party Risk Management Analyst to support the effective management and oversight of vendor relationships within our organization. This role involves executing critical tasks, ensuring required documentation and evidence are collected and maintained, coordinating onboarding and periodic reviews, and supporting audit-readiness processes in collaboration with internal stakeholders and external partners.
You will work within the business (LOD1), executing tasks and preparing artefacts that will be reviewed by LOD2 (Risk/Compliance) or auditors, but you will not perform independent assessments, ratings, or approvals.
Responsibilities
- Initiate and coordinate vendor onboarding steps, including documentation collection, questionnaire distribution, and contract uploads
- Ensure all required artefacts such as DPIA inputs, security questionnaires, and certifications are complete before submission to LOD2
- Maintain accurate vendor metadata, including service descriptions, data classification, and criticality inputs
- Collect and validate documentation such as ISO certificates, SOC reports, penetration test summaries, insurance certificates, and security policies
- File all vendor-related evidence appropriately in designated repositories like ServiceNow, Archer, Confluence, or SharePoint
- Keep vendor files, including contracts, SOWs, SLA documents, and amendments, up to date
- Track vendor tasks across internal teams (e.g., Legal, InfoSec, Procurement) to ensure timely completion
- Coordinate periodic vendor reviews by preparing artefacts and scheduling interviews or walkthroughs
- Notify stakeholders of upcoming renewal deadlines, expiring certificates, and any relevant contract changes
- Document issues identified by LOD2 or audits and track remediation actions for resolution within LOD1
- Support engineering, product, and business teams to address corrections, such as updating access lists and ensuring encryption configurations
- Deliver updated evidence to LOD2 upon completion of corrective actions
- Prepare comprehensive evidence packages for third-party audits and assist in walkthroughs and interviews
- Address regulator information requests by lodging evidence and supporting internal inquiries
- Execute TPRM-related controls, including vendor activity reviews and access recertifications, ensuring compliance with documented SOPs
- Identify inefficiencies in processes and recommend actionable improvements to optimize TPRM operations
- Contribute to refining templates, checklists, and work instructions
Requirements
- 3+ years of experience in operational roles in vendor management, IT operations, sourcing, compliance operations, cybersecurity coordination, or a similar field
- Understanding of third-party risk fundamentals, including SOC reports, ISO certifications, and contract/data handling considerations
- Exposure to cloud services, SaaS, or IT service provider environments
- Strong documentation, evidence-handling, and organizational skills
- Capability to communicate effectively with internal and external stakeholders, maintaining accuracy and structure in all documentation
- Ability to manage multiple processes and deadlines simultaneously while staying proactive in issue identification
- Team-oriented and service-oriented with a commitment to operational excellence
- Fluency in English (both written and spoken) at a minimum B2+ level
Nice to have
- CTPRP (Certified Third‑Party Risk Professional) at a foundational level
- ISO 27001 Foundation certification
- Basic cloud certifications (Azure Fundamentals, AWS Cloud Practitioner)
- Familiarity with workflow and GRC platforms such as ServiceNow, Archer, OneTrust, Coupa, or SAP Ariba
We offer
We believe that the greatest strength of the company is its people. EPAM is fully committed to helping its employees reach their full potential and achieve their professional goals through continuous learning. With this in mind, we would like to introduce a few of the many opportunities and services which we believe will help you expand your current knowledge:
- Full access to cutting-edge tools and technologies
- Competitive compensation depending on experience and skills
- All-around social package: professional & soft skills training, medical & family care programs, sports
- Relocation opportunities
- Free English classes
- Unlimited access to LinkedIn learning solutions
- Continuous experience exchange with experts and professionals worldwide
- Friendly team and comfortable working environment
- Engineering, corporate, and social events within and outside the Company
- Flexible working schedule
- Opportunities for self-realization