Advanced Risk & Compliance Analyst – Third Party Risk Management

Relativity operates in the Legal Tech industry and focuses on security, risk, and compliance initiatives within its supplier landscape. The role supports the development and maintenance of Calder7's security standards.

• Bachelor's degree in Risk Management, Information Systems, Cybersecurity, Business, Law, or related field.
• 3-6+ years of professional experience in third-party risk management, vendor risk, enterprise risk, or compliance.
• Demonstrated hands-on experience with third-party risk continuous monitoring.
• Experience identifying, analyzing, and responding to ongoing third-party risk signals (e.g., cyber posture changes, incidents, regulatory or operational events).
• Working knowledge of third-party risk domains, including information security, privacy, operational, and compliance risk.
• Familiarity with risk and control frameworks, including ISO/IEC 27001/27018 and/or comparable frameworks (e.g., NIST 800-53, SOC 2).
• Experience supporting issue management, remediation tracking, and risk escalation for third-party risk.
• Strong written and verbal communication skills, with the ability to clearly articulate risk to technical and non-technical stakeholders.
• Ability to translate complex regulatory requirements into practical, scalable solutions.
• Hybrid-working role (2+ days in office).

Preferred qualifications:

• Experience working in a SaaS environment operating on a global scale.
• Experience in the legal space with a high understanding of e-discovery and litigation.
• Relevant certifications (e.g., CTPRP, CTPRA, CompTIA CySA+, CRISC, CISA, CISSP).
• Experience with continuous monitoring and risk intelligence tools (e.g., RiskRecon, BitSight, SecurityScorecard, Panorays, ProcessUnity, BlackKite, Safe Security).
• Experience in regulated or highly complex environments.
• Familiarity with cloud and critical third-party ecosystems.

• Lead and mature the Third-Party Risk Management (TPRM) continuous monitoring program.
• Proactively identify, assess, and respond to ongoing third-party risk signals across vendors, suppliers, partners, and service providers.
• Design, implement, and own the continuous monitoring strategy for third-party risk across Relativity.
• Continuously evaluate and enhance monitoring coverage and effectiveness.
• Identify, ingest, and analyze internal and external risk signals, including cyber posture, security events, operational resilience indicators, financial health, and regulatory findings.
• Leverage automated monitoring tools and data sources to detect changes in third-party risk posture.
• Triage third-party risk events and determine severity, impact, and required actions.
• Coordinate with Procurement, Legal, Calder7, and Senior Leadership on response plans.
• Track remediation activities, validate corrective actions, and manage risk exceptions.
• Define and maintain KRIs, dashboards, and executive reporting for third-party risk trends.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other legally protected basis, in accordance with applicable law.