// POSTED: May 3, 2026

Senior Cybersecurity Risk Analyst – NIST Frameworks, SOC2/ISO Review, Vendor Risk & TPRM (Archer / Black Kite a +)

Location: 100% Remote (Candidates must reside in the Eastern or Central time zones)

KORE1, a nationwide provider of staffing and recruiting solutions, has an immediate opening for a Senior Cybersecurity Risk Analyst - NIST Frameworks, SOC2/ISO Review, Vendor Risk & TPRM (Archer / Black Kite a +).

Top Skills:
• Strong understanding of cybersecurity principles, best practices, and control frameworks (e.g., NIST CSF, NIST 800-53).
• Demonstrated ability to interpret SOC 2 Type II reports, ISO 27001 certifications, penetration test reports, and related third-party security documentation.
• Experience conducting third-party, vendor, or technology risk assessments and identifying compensating controls.
• Experience supporting or operating within a Third-Party Risk Management (TPRM) program.

Preferred Skills:
• Working knowledge of Governance, Risk, and Compliance (GRC) platforms (e.g., Archer or similar tools).
• Experience leveraging third-party risk monitoring tools (e.g., Black Kite).
• Local, state, or federal government experience.

We are seeking an experienced Cyber Security Analyst III to evaluate cybersecurity risks associated with new technologies, vendor solutions, and third-party integrations. This role supports statewide cybersecurity governance by conducting structured security reviews, assessing vendor security controls, and contributing to the development and operation of the State's Third-Party Risk Management (TPRM) program. The ideal candidate will have strong experience reviewing vendor security documentation, interpreting compliance frameworks, and performing risk assessments to support procurement and technology adoption decisions.

Responsibilities

Technology & Solution Security Reviews
• Conduct security reviews for new technologies, applications, and cloud services proposed for use within the State.
• Review architectural diagrams and solution designs to validate security controls, configurations, and data protection mechanisms.
• Assess alignment with State cybersecurity policies and industry security frameworks.
• Develop structured risk assessments and provide actionable recommendations for technology adoption decisions.

Vendor Security & Third-Party Assessments
• Evaluate vendor security documentation including SOC 2 Type II reports, ISO 27001 certifications, penetration test reports, and security questionnaires.
• Identify security gaps, inherited risks, and areas requiring compensating controls.
• Support vendor onboarding and procurement evaluations in collaboration with procurement, legal, and technical stakeholders.

Third-Party Risk Management (TPRM) Program Support
• Assist in developing and maturing the State's Third-Party Risk Management program.
• Leverage tools such as Black Kite to support vendor monitoring, risk scoring, and vendor tiering.
• Contribute to policies, templates, and procedures that strengthen vendor risk evaluation processes.

Governance, Risk & Compliance (GRC) Platform Support
• Utilize the Archer GRC platform to document risk assessments, waiver evaluations, and remediation tracking.
• Support improvements to workflows and processes used for enterprise risk management.
• Help ensure data quality and reporting accuracy for cybersecurity risk tracking.

Security Waiver Review & Risk Analysis
• Assist with evaluation of cybersecurity waiver requests requiring deeper technical risk analysis.
• Document findings, risk implications, and mitigation strategies supporting risk acceptance decisions.

Risk Register Management
• Maintain and update the statewide cybersecurity risk register.
• Track remediation activities and validate mitigation efforts for risks exceeding tolerance thresholds.
• Coordinate with stakeholders to ensure timely remediation and escalation when necessary.

Required Skills & Experience
• Strong understanding of cybersecurity principles, best practices, and control frameworks such as NIST CSF and NIST 800-53.
• Demonstrated ability to interpret SOC 2 Type II reports, ISO 27001 certifications, penetration test reports, and related third-party security documentation.
• Experience conducting third-party, vendor, or technology risk assessments and identifying compensating controls.
• Experience supporting or operating within a Third-Party Risk Management (TPRM) program.

Additional Requirements
• Experience performing technology or architecture security reviews.
• Familiarity with cloud security concepts and secure architecture principles.
• Ability to analyze vendor security documentation and assess associated risks.
• Strong analytical thinking and problem-solving skills.
• Strong technical writing and documentation skills with the ability to communicate risks clearly to technical and non-technical stakeholders.
• Ability to manage multiple concurrent assessments and priorities in a fast-paced environment.
• Strong organizational skills and attention to detail.

Preferred Skills
• Experience working with Governance, Risk, and Compliance (GRC) platforms such as Archer IRM.
• Experience leveraging third-party risk monitoring platforms such as Black Kite.
• Experience supporting cybersecurity programs in local, state, or federal government environments.

Compensation depends on experience but is typically $45-50/hr.

ABOUT KORE1

Specializing in professional and technical recruiting, KORE1 is committed to supporting top IT, Engineering, Creative, Scientific, Accounting and Finance professionals in their career paths. We build deep relationships with leading companies, connecting them to exceptional talent every day. With extensive industry expertise and unmatched opportunities, our goal is to provide a unique experience for our contractors and consultants as they prepare for their next role. We are passionate about matching the right people with the right companies.
Kore1 provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Kore1 complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Kore1 expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Kore1's employees to perform their job duties may result in discipline up to and including discharge.