Senior Third-Party Risk Management Analyst Position Available In Wake, North Carolina
Tallo's Job Summary: The Senior Third-Party Risk Management Analyst position at Epic Games in Cary, United States, involves leading security-focused due diligence and oversight of third-party service providers to ensure alignment with security, privacy, and compliance standards. The role requires 5+ years of relevant experience, deep knowledge of risk assessment frameworks, proficiency in GRC platforms, and strong communication skills to collaborate with various stakeholders and enhance the third-party risk program. Epic offers comprehensive benefits, including medical, dental, vision, mental well-being programs, and unlimited PTO.
Job Description
Senior Third-Party Risk Management Analyst (R26687)
Department
Legal & Compliance
Location
Cary, United States
Product
Corporate
Company
Epic Games
Requisition ID
R26687
WHAT
MAKES US EPIC?
At the core of Epic’s success are talented, passionate people. Epic prides itself on creating a collaborative, welcoming, and creative environment. Whether it’s building award-winning games or crafting engine technology that enables others to make visually stunning interactive experiences, we’re always innovating.
Being Epic means being a part of a team that continually strives to do right by our community and users. We’re constantly innovating to raise the bar of engine and game development.
COMPLIANCE
What We Do
We help the company do the right thing by identifying, monitoring, and reporting on potential risks in order to support the company’s goal of promoting trust in our products and services.
What You’ll Do
As a Senior Third-Party Risk Management (TPRM) Analyst, you will play a key role in protecting Epic’s ecosystem by leading security-focused due diligence and ongoing oversight of third-party service providers. You will take ownership of high-impact assessments, leverage your deep knowledge of information security and GRC frameworks, and serve as a strategic partner in maturing our third-party risk program. This role will be critical in ensuring third parties align with Epic’s security, privacy, and compliance standards, especially within a fast-paced, evolving regulatory environment.
In this role, you will
Lead third-party risk assessments with a focus on Information Security and GRC, evaluating inherent and residual risks to drive risk-informed decision-making
Perform in-depth due diligence on prospective and existing vendors, with an emphasis on cybersecurity controls, regulatory compliance (e.g., GDPR, SOC 2, ISO 27001), and data protection practices
Manage periodic reassessments of high-risk and critical vendors to monitor for emerging threats, changes in control environments, and compliance posture
Ensure integrity, consistency, and audit-readiness of third-party data within the GRC platform, supporting executive reporting and regulatory compliance
Collaborate with key stakeholders across Information Security, Privacy, Legal, Procurement, and Business Units to integrate third-party risk insights into broader enterprise risk initiatives
Provide expert guidance during third-party offboarding, ensuring risk is appropriately retired and that data retention, access, and continuity controls are validated
Support external audits, internal investigations, and regulatory inquiries by preparing accurate and timely responses related to TPRM practices and control effectiveness while contributing to the enhancement of TPRM policies, playbooks, and metrics to continuously mature the program
What we’re looking for
5+ years of experience in third-party risk management, information security, IT audit, or GRC, preferably within Gaming, Technology, or Consulting
Deep understanding of security risk assessment frameworks and best practices (e.g., NIST, ISO 27001, SIG, CSA, etc.)
Proficiency in GRC platforms such as Archer, OneTrust, ServiceNow, or similar tools, with the ability to lead data analysis and system improvements
Demonstrated ability to identify and assess security, privacy, and operational risks with a practical and solutions-oriented mindset
Excellent verbal and written communication skills, with the ability to influence and challenge stakeholders at all levels while maintaining constructive relationships
Comfortable navigating ambiguity, leading through change, and managing complex or sensitive third-party issues
Experience with regulatory requirements related to vendor management and data security is strongly preferred
Comfortable working in a cross-functional environment and adapting to changing business and regulatory requirements
EPIC JOB + EPIC BENEFITS
=
EPIC LIFE
Our intent is to cover all things that are medically necessary and improve the quality of life. We pay 100% of the premiums for both you and your dependents. Our coverage includes Medical, Dental, a Vision HRA, Long Term Disability, Life Insurance & a 401k with competitive match. We also offer a robust mental well-being program through Modern Health, which provides free therapy and coaching for employees & dependents. Throughout the year we celebrate our employees with events and company-wide paid breaks. We offer unlimited PTO and sick time and recognize individuals for 7 years of employment with a paid sabbatical.
