Third Party Risk Analyst

OnePay is a consumer financial services app with an exceedingly simple mission: to help people achieve financial progress.

Tens of millions of Americans today are unbanked or underbanked, meaning they don’t have enough money in savings to cover a minor emergency. They pay too much in fees, don’t have access to credit at affordable rates, and have little ability to grow their wealth. OnePay’s vision is to create a single app for consumers to save, spend, borrow, and grow their money, bringing our mission to life with simple and accessible banking, credit, and payments products that deliver a best-in-class experience to millions of customers. Our products include:

• Checking and high-yield savings accounts

• Domestic and international peer-to-peer payments

• Credit Builder and credit score monitoring

• Digital wallet / contactless payment solutions

• Credit card program

• Buy-now-pay-later installment loans at Walmart

• Prepaid mobile service

Why do we have a right to win? We have the backing of Walmart (a Fortune 1) and Ribbit Capital (a preeminent fintech investor), are deeply embedded with the distribution of the world’s largest omnichannel retailer, and have an industry-leading multi-product value proposition — all in addition to having some of the best people and talent in the industry.

There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for the opportunity. Join us!

As a TPRM (Third Party Risk) Analyst at OnePay, you will play a critical role in safeguarding our ecosystem from third-party security risks. You’ll assess the posture of high-risk vendors, review security attestations and contracts, and ensure compliance with our audit and regulatory standards. Your work will directly impact our ability to prevent breaches and maintain customer trust!

What You’ll Do

• Conduct vendor risk reviews and evaluate third-party attestations such as SOC 2, ISO 2700x, and other security certifications.

• Analyze vendor contracts and identify potential risk clauses or data security implications.

• Support annual high-risk vendor audits and maintain documentation to meet compliance requirements.

• Collaborate cross-functionally with Legal, Procurement, Engineering, and Compliance teams to assess risk exposure and mitigation plans.

• Provide technical insight into vendor integrations, authentication, and infrastructure security controls.

You Bring

• 5–8+ years of experience in information security, vendor risk management, or related technical risk roles.

• Strong understanding of security frameworks and certifications (SOC 2, ISO 2700x, NIST, etc.).

• Familiarity with authentication, disaster recovery, and infrastructure security concepts.

• Ability to interpret and challenge vendor-provided attestations and control summaries.

• Comfort reviewing contracts and identifying clauses impacting data handling or access control.

• Excellent communication and analytical skills, with the ability to ask critical questions and present findings clearly.

• Drive and proactivity – everyone here is a builder and executor.

• Initial Interview with Talent Partner

• Technical or Hiring Manager Interview

• Team Interview

• Executive Interview

• Offer!

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].