Senior Analyst, Third Party Risk Management (TPRM)

About Payoneer Founded in 2005, Payoneer is the global financial platform that removes friction from doing business across borders, with a mission to connect the world’s underserved businesses to a rising global economy. We’re a community with over 2,500 colleagues all over the world, working to serve customers, and partners in over 190 countries and territories. By taking the complexity out of the financial workflows–including everything from global payments and compliance to multi-currency and workforce management, to providing working capital and business intelligence–we give businesses the tools they need to work efficiently worldwide and grow with confidence.Role Summary  The Third Party Risk Management (TPRM) function is responsible for establishing and operating the enterprise framework for identifying, assessing, and overseeing risks arising from third party relationships, including outsourced service providers, banking partners and other critical vendors. The function supports regulatory compliance, operational resilience, and sound risk governance across the full third party lifecycle.  The Senior Analyst, Third-Party Risk Management is responsible for executing core third-party risk oversight activities across the vendor lifecycle, with a particular focus on due diligence execution, security assessment review, and portfolio monitoring. The role supports portfolio visibility, intake handling, and management reporting, and contributes to the improvement and automation of TPRM workflows through the use of data analytics and AI-enabled tooling. The role brings a technology and security risk lens to complement the team's existing capabilities across governance, operational resilience and vendor risk management.  Primary Duty and Responsibilities

Execute due diligence activities across the third-party lifecycle, including initial onboarding assessments, periodic reviews, and event-driven assessments for higher-risk and higher-tier vendors, ensuring assessments are complete, accurate, and decision-ready.

Review and process vendor intake requests, ensuring completeness of information and correct classification and routing based on service characteristics, risk drivers, and technology profile.

Perform structured reviews of vendor security assessment materials for higher-risk vendors, including SOC 2 reports, ISO 27001 certifications, security questionnaires, and control evidence, synthesizing findings into clear outcomes and required follow-up actions.

Assess vendor security posture against relevant control frameworks (e.g., ISO/IEC 27001, SOC 2, NIST CSF) and document risk indicators, control gaps, and remediation requirements.

Support the review and assessment of AI-related vendor risks, including model governance, data privacy, and AI-specific control considerations for vendors deploying AI in their products or services.

Develop and maintain third-party portfolio reporting, dashboards, KPIs, and tracking outputs that provide management visibility into remediation progress, control gaps, vendor risk trends, and overall program status.

Lead data analytics and reporting initiatives that improve the quality, structure, accuracy, and usability of TPRM portfolio data across the vendor lifecycle.

Support the evaluation, implementation, and operationalisation of AI-enabled tools and automation workflows across TPRM processes, working closely with the program manager and Platform team.

Identify opportunities to improve operational efficiency, consistency, and scalability through automation and AI-assisted review.

Review and analyze vendor data, assessment outputs, contracts, and supporting documentation to identify inconsistencies, missing information, risk indicators, and opportunities for process improvement.

Support identification and analysis of portfolio-level considerations, including vendor concentration, dependency indicators, technology risk exposure, and remediation trends.

Maintain structured datasets, remediation trackers, and governance reporting used for day-to-day execution and management oversight.

Partner with Cyber, Procurement, Compliance, Legal, Finance, and other stakeholders to support effective third-party oversight, issue resolution, and data governance initiatives.

Support continuous improvement initiatives across TPRM tools, templates, workflows, and governance processes to strengthen operational consistency and scalability.  Perform additional duties as required to support the Third-Party Risk Management team and enhance Payoneer's enterprise resilience and risk management capabilities.

Education and/or Experience  Bachelor's degree required; preferred background in cybersecurity, information systems, computer science, engineering, finance, or a related discipline.  3–5 years of experience in Third-Party Risk Management, Information Security, Vendor Risk, GRC, or a related role within a financial institution or regulated environment.  Qualifications

Experience operating in a regulated, multinational environment, preferably within financial services or fintech.

Demonstrated experience executing due diligence activities and reviewing vendor assessment documentation across a structured risk framework.

Strong understanding of information security control frameworks including ISO/IEC 27001, SOC 2, and NIST CSF, with the ability to interpret and apply findings in a TPRM context.

Experience working with or evaluating AI tools, automation platforms, or data analytics solutions in a risk or compliance context.

Strong analytical and critical thinking skills, with the ability to interpret complex datasets and documentation, identify trends, and support risk-based decision-making.

Demonstrated project and delivery management capability, including coordination of timelines, dependencies, stakeholders, and remediation activities.

Strong written and verbal communication skills, including the ability to present findings and recommendations clearly to technical and non-technical stakeholders.  High level of organisation, attention to detail, accountability, and follow-through in a fast-paced environment.

Technical Skills

Advanced proficiency in Microsoft Excel, Word, and PowerPoint for analysis, documentation, and executive-level reporting.

Working knowledge of SQL and/or Python for data analysis, automation, and reporting development preferred.

Experience with Power BI, Tableau, or similar business intelligence and analytics platforms.

Familiarity with AI, machine learning, or intelligent automation tools used to support operational efficiency and scalable risk management processes.

Experience supporting reporting automation, dashboard development, workflow optimisation, or data governance initiatives.

Familiarity with third-party risk management platforms, GRC systems, or workflow management tools preferred (e.g., Panorays, ServiceNow, Archer, ProcessUnity).

Certificates or Licenses  Preferred but not required (e.g., CTPRP, CRISC, CISA, CISSP, CompTIA Security+, ISO 27001 Lead Auditor, CIA, or other relevant third-party risk, cybersecurity, audit, or risk management certifications). The Payoneer Ways of Working  Act as our customer’s partner on the inside Learning what they need and creating what will help them go further.  Do it. Own it. Being fearlessly accountable in everything we do.  Continuously improve Always striving for a higher standard than our last.  Build each other up Helping each other grow, as professionals and people.  If this sounds like a business, a community, and a mission you want to be part of, apply today. We are committed to providing a diverse and inclusive workplace. Payoneer is an equal opportunity employer, and all qualified applicants will receive consideration for employment no matter your race, color, ancestry, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status, or any other characteristic protected by law. If you require reasonable accommodation at any stage of the hiring process, please speak to the recruiter managing the role for any adjustments. Decisions about requests for reasonable accommodation are made on a case-by-case basis.