Third Party Risk Management Analyst

Title: Third Party Risk Management Analyst

Reports to: Cyber Risk Director

Department: Information Technology

Location: Boston, MA

Type: Full time

BAIN CAPITAL OVERVIEW

With approximately $225 billion of assets under management, Bain Capital is one of the world’s leading private investment firms. We create lasting impact for our investors, teams, businesses, and the communities in which we live. Over four decades we have strategically grown our platform to focus on Private Equity, Growth & Venture, Capital Solutions, Credit, and Real Assets. Today, our team includes 1,985+ employees in 24 offices on four continents. 

We partner differently to help people and companies embrace possibility and realize potential. Founded as a private partnership in 1984, we have fostered a culture of innovation, entrepreneurialism, and agility, empowering our people to define and own their career trajectories. Today, our partnership approach enables us to pursue strategic growth, build enduring relationships with a robust external network, and collaborate across our integrated platform to connect the deep and diverse expertise that unlocks breakthrough insights.

Our people are the heart of our advantage. Colleagues at all levels have a seat at the table as they tackle business challenges with a principal investor mindset. By asking incisive questions, respectfully challenging one another, and remaining intellectually agile, we work together to achieve exceptional outcomes. 

For more information visit: Bain Capital

DESCRIPTION

This role is responsible for managing third parties and third-party risk management activities, supporting procurement and sourcing initiatives, and ensuring compliance with internal governance standards. The position partners with cross-functional teams to assess and manage mitigation of risks, improve processes, and support effective third-party relationships across the organization. The role also monitors emerging industry and cybersecurity risks, maintains oversight frameworks, and contributes to the continuous enhancement of third party risk management and procurement practices.

Responsibilities:

• Lead risk assessments of third parties.  Develop remediation plans and partner with internal stakeholders to ensure that all risk assessment and remediation requirements have been met.

• Identify, assess, and document AI-related risks introduced by third parties, including evaluating the use of AI/ML tools, models, and automated decision-making systems, and apply relevant AI governance frameworks to ensure appropriate oversight and risk mitigation.

• Support the third party selection and contracting process on major sourcing efforts. Assess the risks associated with a third party relationship prior to the renewal of contract agreements.

• Continually reassess the risks associated with the function and inherent in the business based on the third party relationships.

• Analyze, update and modify procedures and processes to identify and continuously implement third party risk management process improvements to meet emerging risks.

• Maintain a structured internal governance framework to ensure effective oversight of third party risk management and procurement compliance.

• Stay informed about the latest developments in the third party risk management and cyber field.

• Maintains knowledge of business, products and systems to ensure effective use of third party and procurement services.

• Partner and maintains strong working relationships within Procurement, Compliance, IT, RDS and Legal and business units as applicable. 

• Qualifications

• Bachelor degree in technology, risk, business or a related field. 

• 2 - 4 years of practical or working experience within third party risk management or auditing, preferably in the financial services line of business.

• Certifications in Risk (CTPRP, CTPRA), Audit/Cyber (CISSP, CRISC, CISA, CISM) and Project Management (PMP) are a plus but not a requirement. Must be willing to obtain such certifications as directed by management.

• Prior hands-on technical experience with technology, business applications, cybersecurity products, and IT support / Infrastructure.

• Ability to assess IT/Security operational processes, controls and governance. Perform gap analysis and make recommendations on remediation or mitigating controls.

• Knowledge of control and risk identification, and the ability to assess the strength of controls in relation to multiple risk factors operating in complex situations and systems.

• Proven analytical and problem-solving skills.  Detail oriented and organized in managing multi-project, multi-tasked responsibilities with varying deadlines.

• Familiarity with industry compliance standards and frameworks, such as ISO 27001, SIG, SOC2, NIST and others.

• Knowledge of AI risk concepts, AI/ML governance frameworks (such as NIST AI RMF or ISO 42001), and the ability to assess and evaluate AI-related risks and controls within third party relationships, including experience with or awareness of AI tools, automated decision-making, and emerging AI regulatory requirements.

• Exceptional communication and presentation skills.  The ability to translate technical concepts into layman’s terms and interface with various levels of management internally and within Third Parties

Compensation: Expected Annual Base Salary $75,000 - $90,000.

Actual base salary will be determined by a wide range of factors including but not limited to role, function, level, experience, qualifications and geographic location. In addition to a competitive base salary, this position may be eligible for a discretionary annual bonus based upon factors such as individual impact, team and firm performance. Bain Capital offers a competitive benefits package designed to support employees’ health, financial security, family needs, and overall well-being.

Bain Capital is an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.