Third Party Risk Management Analyst

Pleasanton (CPC), CA - USA, United States

The Clorox Company


Clorox is the place that’s committed to growth – for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates. Join our team. #CloroxIsThePlace

Your role at Clorox:

Are you passionate about cybersecurity and ready to take on a pivotal role in safeguarding our organization? We are looking for a dynamic and experienced Third Party Risk Management Analyst to elevate our cybersecurity risk posture. In this role, you will be at the forefront of managing and mitigating risks associated with our third-party vendors, suppliers, and partners. You’ll assess their security practices, ensure compliance with regulatory requirements, and implement robust risk management frameworks to protect us from potential threats. If you have a strong background in cybersecurity, vendor risk assessments, and regulatory compliance, we want to hear from you!

In this role, you will:

Third-Party Risk Assessment & Management

  • Develop, implement, and maintain the Third-Party Risk Management (TPRM) framework in alignment with cybersecurity policies and industry best practices (e.g., NIST, ISO 27001, SOC 2).
  • Conduct risk assessments of third-party vendors, including due diligence, security control evaluations, and ongoing monitoring of their cybersecurity posture.
  • Identify, classify, and prioritize vendor risks, recommending appropriate remediation plans and risk mitigation strategies.
  • Work with procurement, legal, and IT security teams to ensure security requirements are embedded in vendor contracts and service-level agreements (SLAs).

Governance, Compliance & Regulatory Requirements

  • Ensure third-party vendors comply with relevant regulatory and compliance frameworks (e.g., GDPR, CCPA, HIPAA, PCI-DSS, SOX).
  • Establish and maintain key risk indicators (KRIs) and performance metrics to monitor third-party cybersecurity risks.
  • Collaborate with internal audit, compliance, and legal teams to ensure vendors align with corporate risk policies and regulatory expectations.

Third Party Risk Mitigation

  • Develop and maintain third-party risk response plans.
  • Continuously enhance vendor risk assessment methodologies based on evolving threats, industry trends, and organizational risk appetite.

Stakeholder Collaboration & Communication

  • Act as the primary point of contact for vendor cybersecurity risk assessments and external audits.
  • Work closely with business units, procurement, and IT teams to integrate third-party risk considerations into the enterprise risk management (ERM) framework.
  • Provide executive reporting on third-party cybersecurity risks, presenting findings and recommendations to senior leadership and board members.

What we look for:

  • 6+ years of experience in third-party/vendor risk management, cybersecurity risk, or IT governance.
  • Strong knowledge of risk management frameworks (NIST, ISO 27001, CIS Controls) and regulatory standards (GDPR, HIPAA, PCI-DSS, SOC 2).
  • Experience with GRC tools (e.g., Archer, OneTrust, ServiceNow, BitSight, SecurityScorecard) for third-party risk management.
  • Familiarity with cloud security risks (AWS, Azure, Google Cloud) and vendor security controls.
  • Strong analytical, problem-solving, and stakeholder communication skills.
  • Bachelor’s degree in Cybersecurity, Information Security, Risk Management, or related experience (Master’s preferred).
  • Certifications: CISSP, CISM, CRISC, CISA, or vendor risk management certifications.
  • Experience with third-party cyber risk rating platforms (e.g., BitSight, SecurityScorecard).
  • Knowledge of supply chain risk management and resilience strategies.


Workplace type:

3 Days in Office; 2 Days WFH

We seek out and celebrate diverse backgrounds and experiences. We’re looking for fresh perspectives, a desire to bring your best, and a non-stop drive to keep growing and learning.

At Clorox, we have a Culture of Inclusion. We believe our values-based culture connects to our purpose and helps our people be the best versions of themselves, professionally and personally. This means building a workplace where every person can feel respected, valued, and fully able to participate in our Clorox community. Learn more about our I&D program & initiatives here.

[U.S.] Additional Information:

At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility/adoption benefits, and more.

We are committed to fair and equitable pay and are transparent with current and future teammates about our full salary ranges. We use broad salary ranges that reflect the competitive market for similar jobs, provide sufficient opportunity for growth as you gain experience and expand responsibilities, while also allowing for differentiation based on performance. Based on the breadth of our ranges, most new hires will start at Clorox in the first half of the applicable range. Your starting pay will depend on job-related factors, including relevant skills, knowledge, experience and location. The applicable salary range for every role in the U.S. is based on your work location and is aligned to one of three zones according to the cost of labor in your area.

  • Zone A: $104,100 - $199,100
  • Zone B: $95,500 - $183,300
  • Zone C: $86,800 - $166,600

All ranges are subject to change in the future. Your recruiter can share more about the specific salary range for your location during the hiring process.

This job is also eligible for participation in Clorox’s incentive plans, subject to the terms of the applicable plan documents and policies.

Please apply directly to our job postings and do not submit your resume to any person via text message. Clorox does not conduct text-based interviews and encourages you to be cautious of anyone posing as a Clorox recruiter via unsolicited texts during these uncertain times.

To all recruitment agencies: Clorox (and its brand families) does not accept agency resumes. Please do not forward resumes to Clorox employees, including any members of our leadership team. Clorox is not responsible for any fees related to unsolicited resumes.


Tags: Audits AWS Azure C CCPA CISA CISM CISSP Cloud Compliance CRISC GCP GDPR Governance HIPAA ISO 27001 Monitoring NIST Risk assessment Risk management SLAs SOC SOC 2 SOX

Perks/benefits: 401(k) matching Career development Competitive pay Fertility benefits Flex vacation Health care

Region: North America
Country: United States
