Third Party Security Analyst

Company Description

JOB DESCRIPTION

Tradeweb Markets is a world leader in the evolution of electronic trading. A fintech company serving approximately 2,500 clients—including the world’s largest banks, asset managers, hedge funds, insurance companies, wealth managers, and retail clients—in more than 65 countries across the globe. Since our first trade in 1998, we have helped transform and electronify the fixed income markets.

Tradeweb is a culture built on innovation, creativity, and collaboration. Through a combination of incredibly talented and driven people, innovative products and solutions, cutting-edge technology, market data, and a vast client network, we continue to work together to improve the way financial markets trade.

Mission: Move first and never stop. Collaborate with clients to create and build solutions that drive efficiency, connectivity, and transparency in electronic trading.

Tradeweb Markets LLC (“Tradeweb”) is proud to be an EEO Minorities/Females/Protected Veterans/Disabled/Affirmative Action Employer.

https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf

Group Details

Tradeweb’s Cyber Security team plays a critical role in protecting the firm, its clients, and its employees from an evolving third-party threat landscape. The Vendor Cyber Risk Analyst will be responsible for assessing, monitoring, and managing cybersecurity risks introduced by third-party vendors and service providers.

This role works closely with Procurement, Legal, Compliance, Technology, and Business teams to ensure vendor risks are identified, assessed, and mitigated in alignment with Tradeweb’s risk appetite and regulatory obligations. The ideal candidate brings strong cyber risk fundamentals, excellent communication skills, and experience operating in regulated financial environments.

Job Responsibilities

• Lead and perform cybersecurity risk assessments for third-party vendors, suppliers, and service providers
• Review and analyze vendor security artifacts, including SOC 1/SOC 2 reports and ISO 27001 certifications
• Review penetration testing summaries, architecture diagrams, technical documents, and security policies
• Evaluate vendor responses to cybersecurity questionnaires and due diligence requests
• Define vendor risk ratings and document identified risks, gaps, and remediation plans
• Partner with Risk, Procurement, and Legal teams to support vendor onboarding and contract reviews
• Track vendor remediation efforts and follow up on outstanding risk items
• Monitor vendor-related security incidents and escalate issues in accordance with incident response procedures
• Act as a subject matter expert and advisor to internal stakeholders on vendor cyber risk matters
• Maintain vendor risk records, metrics, and reporting within GRC or vendor risk management platforms
• Drive continuous improvement of third-party cyber risk management processes, standards, and controls
• Support regulatory exams, audits, and internal reviews related to third-party cyber risk
  
  

• 7+ years of experience in cybersecurity, IT risk management, third-party risk management, or information security
• Strong understanding of cybersecurity principles, including access control, data protection, network security, and incident response
• Hands-on experience reviewing vendor security documentation (SOC reports, ISO certifications, risk assessments)
• Solid knowledge of security frameworks and standards such as NIST, ISO 27001, SOC, and CIS
• Experience using GRC or third-party risk management tools
• Ability to assess and communicate risk clearly to both technical and non-technical stakeholders
• Strong analytical, documentation, and organizational skills
• Proven ability to manage multiple vendor assessments simultaneously and meet deadlines with minimal supervision
• Basic awareness of AI-enabled features within cybersecurity or vendor risk platforms (e.g., automated risk scoring, workflow automation)
• Ability to interpret AI-assisted insights and apply human judgment to validate findings
  
  

• Experience in financial services or other highly regulated industries
• Professional certifications such as CISA, CRISC, CISSP, or Security+
• Familiarity with security rating services (e.g., BitSight, SecurityScorecard)
• Experience producing KPIs and risk reporting for senior management