Senior Cybersecurity Third-party Risk Analyst

Boeing Boeing · Aerospace · Seattle, WA +11

This role focuses on enhancing cybersecurity third-party risk assessments by designing and implementing automation and agentic AI capabilities. The analyst will develop assessment processes, build automation assets (scripts, connectors, playbooks, AI agents), and lead lean process improvements to scale assessment throughput and accelerate risk decisions. Key responsibilities include executing assessments, producing risk findings, developing automated collection scripts and API connectors, deploying AI components for triage and scoring, and collaborating with stakeholders.

What you'd actually do

  1. Design & Execute end-to-end cybersecurity third-party assessments for strategic and high-risk vendors, including questionnaire reviews, technical evidence validation, architecture reviews, cloud configuration analysis, IAM assessments, encryption and key management reviews, logging/monitoring validation, and vulnerability/penetration test interpretation.
  2. Design, build, and maintain automated assessment capabilities: evidence collection scripts, API connectors, ETL pipelines, data validation routines, and integration points with TPRM/GRC platforms (Aravo, ServiceNow GRC, RSA Archer, OneTrust, etc.).
  3. Develop and deploy agentic AI components (e.g., automated evidence triage, document ingestion and extraction, risk-scoring assistants, remediation suggestion agents) while ensuring safe, auditable, and privacy-preserving behavior.
  4. Lead lean process improvement initiatives across the assessment lifecycle: map value streams, eliminate waste, reduce handoffs, optimize SLAs, and implement continuous improvement cycles to increase throughput and quality.
  5. Create and maintain technical assessment artifacts: standardized templates, evidence matrices, technical checklists, assessment playbooks, and scoring rubrics that support repeatability and auditability.

Skills

Required

  • 5+ years of cybersecurity experience with at least 3 years focused on third-party/vendor security assessments or equivalent technical assessment roles.
  • Deep hands-on expertise reviewing technical artifacts: cloud console evidence (AWS/Azure/GCP), architecture diagrams, IAM configurations, network security, encryption, logging/monitoring, vulnerability scans, and penetration test reports.
  • Proven ability to translate technical findings into concise executive-level summaries and remediation plans; excellent written and verbal communication skills.
  • Demonstrated experience applying lean principles or continuous improvement methods to operational processes - ability to run value stream mapping, define and measure waste, and implement sustainable improvements.
  • Comfortable working independently as a senior individual contributor and coordinating across technical and non-technical stakeholders; experience in agile environments and using agile tooling (ADO, JIRA).

Nice to have

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or related technical field; advanced degree (MS or equivalent) preferred.
  • Industry recognized security certifications (CISSP, CISM, CRISC) and/or cloud security certifications (AWS/Azure/GCP Security) preferred.
  • Strong configuration skills for security/TPRM tooling (Aravo, ServiceNow GRC, RSA Archer, OneTrust, or similar) including forms, workflows, scoring, and data model configuration.
  • Formal training or certification in Lean/Six Sigma, Kaizen, or similar continuous improvement methodologies.
  • Practical experience designing, training, or integrating agentic AI components (LLM orchestration, retrieval-augmented generation, agent frameworks) into security processes - able to implement guardrails, audit logging, and privacy controls.
  • Prior experience implementing AI governance for security use cases
  • Familiarity with software supply chain risk concepts (SBOMs)
  • Experience with SIEM/SOAR integrations, vulnerability management platforms, and continuous monitoring
  • Experience working in regulated industries (finance, aviation, healthcare, defense) or with global privacy/regulatory requirements (GDPR, CMMC, etc...).

What the JD emphasized

  • agentic AI capabilities
  • agentic AI components
  • lean process improvement

Other signals

  • AI agents
  • automation
  • process improvement
  • risk assessments