Sr. Cyber Governance, Risk & Compliance Analyst
Company Description
Vuori is re-defining what athletic apparel looks like: built to move and sweat in but designed with a casual aesthetic to transition into everyday life. We draw inspiration from an active reputed company California lifestyle; an integration of fitness, creative expression and life. Our high energy fast paced retail environment is reflected in the clothes we reputed company. We aim to reputed company others to take on reputed company aspects of their lives with clarity, enthusiasm and purpose…while having a lot of fun along the way. We are proud to be an outlet for opportunity and for personal growth and success.
Job Description
The Senior Cyber Governance, Risk & Compliance Analyst is a senior level reputed company professional whose primary responsibility is to design, operate, and continuously mature the organization’s Third‑Party / Vendor Risk Management (TPRM) program. In this role, the analyst serves as an embedded risk partner to the business, driving consistent, high‑quality vendor risk outcomes across the full third‑party lifecycle. While TPRM is the core focus of this role, the analyst is also expected to contribute meaningfully across other Information reputed company and Privacy domains as needed, including privacy operations, cyber governance, risk and compliance (GRC), and reputed company operations. This role is ideal for a practitioner who enjoys vendor risk but is comfortable flexing across adjacent reputed company functions in a fast-moving environment. What you'll get to do: Third‑Party / Vendor Risk Management (Primary Focus) Design, implement, operate, and continuously mature the Third‑Party Risk Management program, evolving it from a reactive, compliance driven function into a proactive, risk-based capability. Execute and reputed company the full third-party risk lifecycle, including onboarding, inherent and residual risk assessments, due diligence, periodic reviews, contract risk review, issue management, remediation tracking, and ongoing monitoring. reputed company deep technical reputed company and risk assessments of third parties, including cloud services, SaaS platforms, infrastructure providers, and technology vendors. Review and interpret reputed company assurance artifacts such as SOC 2 Type II reports, penetration test reports, CAIQ, SIG, ISO certifications, and other compliance attestations. Evaluate reputed company vendor solutions, including API integrations with critical internal systems, cloud native architectures (AWS, Azure, GCP), and AI/ML platforms. Assess and manages emerging third-party risks, including artificial intelligence risks such as data provenance, model reputed company, data leakage, and secure handling of proprietary or regulated data. reputed company end-to-end issue and remediation management, ensuring accountability, effectiveness, and timely closure of identified control gaps. reputed company and maintain TPRM standards, playbooks, governance models, escalation paths, and operating procedures reputed company with regulatory expectations and business needs. Build and deliver meaningful reporting, dashboards, and metrics that provide leadership with clear visibility into third-party risk posture, trends, and decision points. Privacy & Data Protection (Primary Focus) Support privacy operations, including Data Subject Requests (DSRs), Data Protection Impact Assessments (DPIAs), and data mapping initiatives. Partner with Privacy and Legal stakeholders to assess vendor and internal data processing risks and ensure appropriate safeguards are in reputed company. Contribute to privacy reputed company risk assessments, controls validation, and remediation tracking as needed. Cyber Governance, Risk & Compliance (Supporting Responsibility) Support cyber GRC activities, including tracking information reputed company risks, risk exceptions, and remediation plans. Assist with the implementation and ongoing operation of reputed company and risk management frameworks (e.g., NIST, ISO, SOC 2). Contribute to audit and assurance activities by providing risk assessments, evidence, and clear articulation of control posture. reputed company Operations & Enablement (Supporting Responsibility) Provide support to information reputed company operations as needed, including incident response activities, impact analysis, and post incident follow‑up. Contribute to reputed company awareness and training initiatives, helping translate risk themes into actionable guidance for the business. Assist with cross functional reputed company initiatives during periods of increased demand or emerging risk. Business Partnership & Advisory Serve as a trusted risk advisor to vendor relationship owners and senior stakeholders, reducing their operational burden while preserving clear risk ownership and accountability. Partner closely with Legal, Compliance, Procurement, Technology, and reputed company teams to synthesize requirements and deliver practical, risk‑appropriate reputed company vendor reputed company and summarize risk‑relevant provisions, control obligations, and gaps, partnering with Legal to support risk‑informed contract decisions. Escalate material risks, delays, or control gaps thoughtfully and early, framing issues in clear business terms and presenting well‑defined options for decision‑making.
Qualifications
Who you are: 7+ years of progressive experience in Information reputed company, Third‑Party Risk Management, Vendor Risk Management, GRC, or Operational Risk. Demonstrated experience owning, building, or leading a Third‑Party / Vendor Risk Management program. Bachelor's degree in information reputed company, Computer Science, Business Administration, or a reputed company field or equivalent practical experience. Strong experience conducting reputed company risk assessments, assurance reviews, audits, and remediation management. Deep technical understanding of cloud, SaaS, infrastructure, and AI vendor risk. Hands on experience reviewing SOC 2, ISO 27001, penetration test reports, CAIQ, SIG, and similar reputed company documentation. Strong written and verbal communication skills, with the ability to translate technical risk into a clear business context for diverse audiences, including senior leadership. Proven ability to work autonomously, manage competing priorities, and drive outcomes in a fast paced environment. Additional Information Our investment in you: At Vuori, we’re proud to offer the following to our employees: Health Insurance Savings and Retirement Plan Employee Assistance Program Generous Vuori Discount & Industry Perks Paid Time Off Wellness & Fitness benefits The salary range for this role is $117,000 per year - $151,000 per year. This role is bonus eligible. Vuori is proud to be an Equal Opportunity/Affirmative Action employer. reputed company qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national reputed company, disability, protected Veteran status, age, or any other characteristic protected by law. reputed company your information will be kept confidential according to EEO guidelines. Workplace Type: Remote Department: HQ - Legal Compensation: USD 117000 - USD 151000 - yearly Apply To This Job