Third-Party Cybersecurity Risk Management Analyst

Our vision is to transform how the world uses information to enrich life for all .
Micron Technology is a world leader in innovating memory and storage solutions that accelerate the transformation of information into intelligence, inspiring the world to learn, communicate and advance faster than ever.
The Third-Party Cybersecurity Risk Management (TPCRM) Analyst plays an integral part in the development, implementation, and monitoring of information risk management related to external suppliers. The analyst is responsible for identifying, assessing, monitoring, reporting, and auditing cybersecurity risks arising from third-party relationships, with a focus on Information Security, Privacy, Regulatory Compliance, and Governance.
Responsibilities

• Serve as a subject matter expert to ensure and monitor compliance with industry and government cybersecurity, privacy, and regulatory requirements as they relate to third-party relationships at the Enterprise/Region/Site level.
• Conduct third-party risk assessments to evaluate supplier security posture against organizational security, privacy, and resilience requirements.
• Perform gap analysis against frameworks and standards such as ISO 27001, NIST, SOX, TISAX, and GDPR, and drive remediation with suppliers.
• Assess assessment design effectiveness and continually monitor operating effectiveness of third-party security and privacy controls.
• Track, manage, and monitor third-party risk treatment and remediation plans, including supplier follow-ups and evidence validation.
• Develop, revise, and maintain third-party risk management policies, standards, processes, and guidelines through formal change management.
• Support overall third-party governance activities, to include conducting onsite supplier audits if needed, and report third-party cyber risk posture against established enterprise risk metrics.
• Conduct cybersecurity, regulatory, and supplier-related research to support emerging third-party threat identification and risk mitigation activities.
• Understand risk tolerance, contractual obligations, and tradeoffs associated with engaging third parties and effectively communicate risk to internal business, procurement, and technology stakeholders.
• Partner with internal procurement, legal, information security, and business teams to assess, implement, and monitor third-party cybersecurity risk management throughout the supplier lifecycle.
• Advise business-led initiatives on third-party cyber risk considerations, due diligence expectations, and standards compliance.

Education

• Bachelor's Degree in Computer Science/Management Information Systems/Business Administration. Master's degree is a plus.
• Related field of study.

Experience:
Analyzing and applying Information Security, Cyber Risk Management, Third-Party Risk Management, and Privacy practices for a minimum of two years of experience in the following areas:

• Third-party / vendor risk management, supplier assessments, or external assurance programs.
• IT business process knowledge and strong business acumen.
• Experience supporting or interfacing with procurement, legal, and vendor management functions.
• Experience working on third-party risk management tools like ServiceNow, Optro, or Archer.
• Risk analytics and reporting related to vendor, operational, or IT risk domains.
• Threat, vulnerability, business continuity, and third-party risk assessment methodologies.
• Knowledge of national and international regulatory and security frameworks including NIST Cybersecurity Framework, ISO standards, SOX, GDPR, HIPAA, and PCI DSS.
• CRISC, CISA, CISSP, ISO 270001 Lead Auditor Certifications or equivalent are a plus.
• Preferred skills in SharePoint and other sharing platforms.
• Knowledge of cybersecurity risk practices, especially as applied to third-party ecosystems.

Soft skills requirements

• Ability to define and communicate third-party cybersecurity risk in business-relevant language.
• Excellent verbal and written communication skills, including the ability to craft and deliver executive-level communications.
• Ability to respond effectively in high-pressure, dynamic, and rapidly changing environments.
• Ability to communicate cybersecurity and third-party risk concepts to non-technical stakeholders.
• Strong problem-solving, analytical, and risk-based decision-making skills.

About Micron Technology, Inc.
We are an industry leader in innovative memory and storage solutions transforming how the world uses information to enrich life for all . With a relentless focus on our customers, technology leadership, and manufacturing and operational excellence, Micron delivers a rich portfolio of high-performance DRAM, NAND, and NOR memory and storage products through our Micron® and Crucial® brands. Every day, the innovations that our people create fuel the data economy, enabling advances in artificial intelligence and 5G applications that unleash opportunities - from the data center to the intelligent edge and across the client and mobile user experience.
To learn more, please visit micron.com/careers
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
To request assistance with the application process and/or for reasonable accommodations, please contact at [email protected] .
Micron Prohibits the use of child labor and complies with all applicable laws, rules, regulations, and other international and industry labor standards.
Micron does not charge candidates any recruitment fees or unlawfully collect any other payment from candidates as consideration for their employment with Micron.
AI alert: Candidates are encouraged to use AI tools to enhance their resume and/or application materials. However, all information provided must be accurate and reflect the candidate's true skills and experiences. Misuse of AI to fabricate or misrepresent qualifications will result in immediate disqualification.
Fraud alert: Micron advises job seekers to be cautious of unsolicited job offers and to verify the authenticity of any communication claiming to be from Micron by checking the official Micron careers website in the About Micron Technology, Inc.