Third Party Risk Analyst

OnePay is the consumer fintech trusted by millions of Americans to make money better.

Our financial system is broken. High fees, low rates, and too few ways to actually grow your money. We’re fixing it. And we’re moving fast.

We’re an all-in-one financial services platform that brings together banking, high-yield savings, credit cards, point-of-sale lending, investing, and crypto in one place. We also partner with employers, HCM providers, gig platforms, and others to deliver embedded financial services to millions of employees and frontline workers.

We’re backed by Walmart, the world’s largest retailer, and Ribbit Capital, one of fintech’s most respected investors, giving us rare scale, distribution, and the opportunity to build something truly category-defining.

But what really sets OnePay apart is how we move. Our customers don’t have time to wait… and neither do we. This place moves fast, and we’re looking for people who are:

• Ready to run

• Hungry and driven by urgency

• Exceptional at what they do, with low ego

• Comfortable operating in motion

As a TPRM (Third Party Risk) Analyst at OnePay, you will play a critical role in safeguarding our ecosystem from third-party security risks. You’ll assess the posture of high-risk vendors, review security attestations and contracts, and ensure compliance with our audit and regulatory standards. Your work will directly impact our ability to prevent breaches and maintain customer trust!

What You’ll Do

• Conduct vendor risk reviews and evaluate third-party attestations such as SOC 2, ISO 2700x, and other security certifications.

• Analyze vendor contracts and identify potential risk clauses or data security implications.

• Support annual high-risk vendor audits and maintain documentation to meet compliance requirements.

• Collaborate cross-functionally with Legal, Procurement, Engineering, and Compliance teams to assess risk exposure and mitigation plans.

• Provide technical insight into vendor integrations, authentication, and infrastructure security controls.

You Bring

• 5–8+ years of experience in information security, vendor risk management, or related technical risk roles.

• Strong understanding of security frameworks and certifications (SOC 2, ISO 2700x, NIST, etc.).

• Familiarity with authentication, disaster recovery, and infrastructure security concepts.

• Ability to interpret and challenge vendor-provided attestations and control summaries.

• Comfort reviewing contracts and identifying clauses impacting data handling or access control.

• Excellent communication and analytical skills, with the ability to ask critical questions and present findings clearly.

• Drive and proactivity – everyone here is a builder and executor.

• Initial Interview with Talent Partner

• Technical or Hiring Manager Interview

• Team Interview

• Executive Interview

• Offer!

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].