Third Party Technology Assurance Analyst

The Apex Group was established in Bermuda in 2003 and is now one of the world's largest fund administration and middle office solutions providers.Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.That's why, at Apex Group, we will do more than simply 'empower' you. We will work to supercharge your unique skills and experience.Take the lead and we'll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.For our business, for clients, and for youJob Description: Third Party Technology AssuranceAnalystPosition Overview:A Third Party Technology Assurance Analyst plays a critical role in safeguarding anorganization's technology landscape by managing and assessing the risks associatedwith third-party vendors and service providers. The analyst proactively analyses,monitors, and assures the compliance, security, and operational effectiveness ofexternal technology services upon which the organization relies. This position is vital ina world where organizations increasingly depend on external partners for software,cloud infrastructure, and data processing, making assurance and oversight of thirdparties a top priority for operational resilience and regulatory compliance.Key Responsibilities• Third Party Risk Assessments: Conduct comprehensive risk assessments of thirdparty technology vendors and service providers. Evaluate security postures,technical controls, and compliance with organizational and regulatoryrequirements before onboarding and throughout the partnership lifecycle.• Due Diligence Activities: Lead and support due diligence efforts by gathering,reviewing, and analyzing documentation such as SOC1/SOC2 reports, ISOcertifications, data protection agreements, GDPR and other compliance artefacts.• Ongoing Monitoring: Continuously monitor third party technology services forchanges in risk profile, compliance status, or incidents. Maintain updated recordsand risk ratings, and ensure periodic re-assessment in line with organisationalpolicies.• Vendor Risk Scoring & Reporting: Develop and update risk scoring models fortechnology vendors. Produce regular management reports and dashboardshighlighting risk trends, non-conformities, and remediation progress.• Incident Management: Participate in the identification, escalation, andremediation of incidents involving third party technology services. Coordinatewith internal stakeholders to ensure effective response and lessons learned.• Contractual Control Reviews: Review and advise on contract terms withtechnology vendors, ensuring that security, confidentiality, and complianceclauses are embedded and enforceable.• Policy & Framework Development: Contribute to the development, maintenance,and enhancement of third-party risk management policies, standards, andguidelines aligned with best practices (e.g., NIST, ISO• Stakeholder Engagement: Work closely with procurement, legal, informationsecurity, compliance, and business teams to build awareness and understandingof third-party risks and controls.• Audit Preparation & Support: Assist in the preparation for internal and externalaudits related to third-party technology risk. Provide evidence, documentation,and subject matter expertise as required.• Market Intelligence: Stay current with emerging risks, regulatory changes, andbest practices in third-party technology risk and assuranceRequired Skills and Qualifications:• Education: Bachelor's degree in Information Technology, Cybersecurity,Computer Science, Risk Management, or related field. Professional certifications(e.g., CISA, CISM, CRISC, CISSP) are highly desirable.• Experience: 2+ years of experience in technology risk management, third partysecurity assessments, or audit/assurance roles, preferably within financialservices, healthcare, or other regulated industries.• Technical Knowledge: Understanding of IT infrastructure, cloud architectures,SaaS platforms, and data protection frameworks. Familiarity with commonsecurity controls and risk management methodologies.• Regulatory Awareness: Solid knowledge of relevant regulations and standards(e.g., GDPR, HIPAA, SOX, PCI DSS, NIST, ISO• Analytical & Problem Solving: Strong analytical skills to identify, assess, andmitigate complex technology risks. Ability to evaluate large amounts ofinformation and make informed recommendations.• Communication: Excellent verbal and written communication skills for preparingreports, presenting findings, and influencing stakeholders at all organisationallevels.• Organisational Skills: Demonstrated ability to manage multiple priorities, meetdeadlines, and adapt in a fast-paced environment.• Attention to Detail: High degree of accuracy and attention to detail in reviewingdocumentation and risk artefacts.• Collaboration: Effective team player with a proactive approach to cross-functionalprojects and initiatives.• Continuous Learning: Eagerness to stay abreast of technological advancements,threat landscapes, and evolving assurance techniquesDesirable Skills and Competencies:• Automation and Tooling: Experience with third-party risk management platforms,GRC (Governance, Risk, and Compliance) tools, and automation of riskassessment processes.• Project Management: Familiarity with project management methodologies andthe ability to drive assurance initiatives from inception to completion.• Innovation: Ability to recommend and implement process improvements toincrease the efficiency and effectiveness of third-party risk managementactivities.• Negotiation: Confidence in negotiating with vendors to achieve favourableassurance and compliance terms.• Presentation Skills: Experience delivering risk-related findings and assuranceupdates to senior management, boards, or external regulators.Reporting LineTypically reports to: Head of Technology AssuranceDisclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.