Senior Analyst, Third Party Risk Management (Remote Eligible - Costa Rica)

Remote Full-time
Senior Analyst, Third Party Risk Management

Smartsheet has helped people and teams achieve–well, anything. From seamless work management to smart, scalable solutions, we've always worked with flow. We're building tools that empower teams to automate the manual, uncover insights, and scale smarter. But more than that, we're creating space– space to think big, take action, and unlock the kind of work that truly matters. Because when challenge meets purpose, and passion turns into progress, that's magic at work, and it's what we show up for everyday.

Smartsheet is seeking a dedicated, experienced Third Party Risk Management (TPRM) Senior Analyst to join our Risk team. This is a high-visibility, cross-functional role that requires sustained focus and ownership; you will be a primary point of contact for vendor risk across the organization, interfacing regularly with cross-functional teams (Legal, Procurement, Privacy, and Information Security) as well as system owners.

This role is a meaningful commitment. You will own a portfolio of vendor assessments and help drive program maturity. We are looking for someone who brings deep focus and genuine investment to this work, the kind of professional who sees TPRM not as a checkbox function but as a critical enabler of trust for a global SaaS platform. You will report to the Third Party Risk Integration Manager located in the US. This role is eligible for remote work within Costa Rica. You must reside in Costa Rica.
You Will
• Lead end-to-end Third Party Risk Assessments for new and existing vendors, including vendor tiering, scoping, questionnaire management, and findings documentation.
• Own the ongoing monitoring and tracking of vendor risk across Smartsheet's third-party portfolio, ensuring timely follow-up on remediation activities and risk acceptance decisions.
• Evaluate vendor security documentation including SOC 2 reports, penetration testing results, ISO certifications, and other control attestations — and translate findings into clear, actionable risk summaries for stakeholders.
• Drive process improvement initiatives within the TPRM program, identifying opportunities to scale and mature the program through better tooling, automation, and workflow design.
• Collaborate cross-functionally with Legal, Procurement, Information Security, Privacy, and business stakeholders to ensure vendor risk considerations are embedded in sourcing and renewal decisions.
• Leverage AI tools (including Claude and Microsoft Copilot) to increase efficiency in vendor reviews and documentation — while applying sound judgment to review, validate, and take accountability for AI-generated outputs.
• Contribute to broader risk program activities including risk reporting, policy review, and program documentation as part of a lean, high-performing Risk team.
• Support the development of TPRM metrics and reporting to provide leadership with meaningful visibility into the organization's third-party risk exposure.
• Other job duties as assigned

You have
• 5+ years of experience in third party risk management, vendor risk, GRC, information security, audit, or compliance — with direct experience conducting vendor or third-party risk assessments.
• Practical knowledge of one or more risk or regulatory frameworks such as NIST, ISO 27001, COSO, COBIT, AICPA SOC/TSP, PCI DSS, or similar.
• Familiarity with vendor security questionnaire frameworks, including SIG (Shared Assessments) and/or CSA CAIQ.
• Demonstrated ability to review and interpret SOC 2 reports, penetration testing summaries, and other vendor security attestations.
• Experience working in cross-functional environments involving Legal, Procurement, and/or Engineering stakeholders.
• Strong written and verbal communication skills in English, with the ability to translate technical risk findings into clear business language.
• Effective critical thinking and judgment — able to assess risk materiality, prioritize competing demands, and escalate appropriately.
• Comfort working with and evaluating AI-generated content, with a clear understanding of the need to verify outputs before relying on them in risk decisions.
• Adaptability to evolving regulatory requirements and a genuine interest in staying current on the third-party risk landscape.

Nice to have
• Experience with vendor risk management platforms such as AuditBoard, Archer, OneTrust, ServiceNow GRC, Vanta, or Coupa.
• Background in SaaS, cloud, or technology company environments.
• Familiarity with AI-assisted workflows in a GRC or compliance context.
• Experience supporting or contributing to audit processes (e.g., SOC 2, ISO 27001, BARR).
• Relevant certifications such as CISA, CRISC, CTPRP, or equivalent.
• Experience with operational risk across multiple business units, legal entities, or jurisdictions.

Teleworking options from any registered location in Costa Rica (role specific)

Get to Know Us:

At Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You'll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths—because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you're doing work that stretches you, excites you, and connects you to something bigger, that's magic at work. Let's build what's next, together.

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

Apply tot his job

Apply To this Job
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

**Experienced Work from Home Inbound Customer Service Representative – Seasonal Part-Time Opportunity**

Remote

**Experienced Customer Service Representative – Virtual Call Center Operations**

Remote

[Remote Part-time jobs] Amazon Data Entry Jobs (At Work Home) Apply Now

Remote

Personal Banker Hershey East Palmyra

Remote

Engineer Sr 1 - Embedded Product Security - Arthrex

Remote

Performance Designer - Health and Wellness - REMOTE

Remote

Urgently Hiring: Customer Care Assistant- Entry Level (Remote)

Remote

Experienced Part-Time Remote Data Entry Clerk – Flexible Typing Job with careerzynith

Remote

Customer Support Representative (Peru and Honduras)

Remote

**Experienced Full Stack Financial Analyst – Canadian Revenue Forecasting and Reporting**

Remote
← Back