
Job Title: Third-Party Risk Analyst II

Job Requisition ID: 49379 

Closing Date: 09/08/25

Salary: $7,787/Monthly

Work Hours: M-F 8:30AM - 5:00PM

Work Location: (Hybrid) 120 W Jefferson St Springfield, IL 62702-5170

Union Position: Yes

Work authorization: US work authorization required at time of application. No sponsorship available. Not eligible for F1 OPT/CPT. Positions are W2 only and cannot be converted to a contract position. If you have questions about your work authorization eligibility, please email doit.recruitment@illinois.gov. 

Questions? Email doit.recruitment@illinois.gov

Transcripts are required for consideration.

 

Are you looking for a rewarding career with an organization that values its staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative-thinking, problem-solving environment.

This position serves as a Third-Party Risk Analyst II for the Department of Innovation & Technology (DoIT), performing complex professional and advisory functions in System Services and advanced professional assignments in support of the Third-Party Risk Management (TPRM) program.

In this role, you will conduct and coordinate in-depth security risk assessments of third-party vendors to evaluate control effectiveness, identify vulnerabilities, and assess potential threats to state data assets. 

Additionally, you will support the advancement of the Third-Party Risk Management (TPRM) program by enhancing tools, frameworks, processes, and documentation to drive consistency and effectiveness. 

If you possess this knowledge and these skills, abilities, and experience, we invite you to apply for this position and join the DoIT Team!

 

As a State of Illinois employee, you receive a comprehensive benefits package including:

  • Competitive Group Insurance benefits including health, life, dental and vision plans.
  • Flexible work schedules (when available and dependent upon position).
  • 10-25 days of paid vacation time annually (10 days for first year of state employment).
  • 12 days of paid sick time annually, which carry over from year to year.
  • 3 paid personal business days per year.
  • 13-14 paid holidays per year dependent on election years.
  • 12 weeks of paid parental leave.
  • Pension plan through the State Employees Retirement System.
  • Deferred Compensation Program – voluntary supplemental retirement plan.
  • Optional pre-tax programs: Medical Care Assistance Plan (MCAP) & Dependent Care Assistance Plan (DCAP).
  • Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility.

For more information regarding State of Illinois Benefits follow this link: https://www2.illinois.gov/cms/benefits/Pages/default.aspx

 

Essential Functions

  • Under administrative direction, serves as a Third-Party Risk Analyst II for the Department of Innovation & Technology (DoIT) performing complex professional and advisory functions in System Services and advanced professional assignments in support of the Third-Party Risk Management (TPRM) program.
  • Supports the advancement of the Third-Party Risk Management (TPRM) program by enhancing tools, frameworks, processes, and documentation to drive consistency and effectiveness.
  • Collaborates on highly complex team initiatives and contributes to cross-functional efforts supporting Governance, Risk, & Compliance (GRC) objectives.
  • Monitors third-party threats and evolving regulatory expectations to support risk awareness and enhance situational awareness across the organization.
  • Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
  • Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

 

Minimum Qualifications

  • Requires knowledge, skill, and mental development equivalent to four (4) years of college with coursework in computer science or directly related fields.
  • Requires three (3) years of professional experience in System Services or a related Information Technology field.

 

Preferred Qualifications (In Order of Significance)

  • Three (3) years of professional experience conducting detailed third-party risk reviews (e.g., SOC 2 Type 2 analysis), or related position(s) applying relevant regulatory and cybersecurity standards to evaluate controls, identify vulnerabilities, and assess risks to sensitive data.
  • Three (3) years of professional experience utilizing and implementing the ServiceNow IRM suite of modules to support governance, risk, and compliance activities.
  • Three (3) years of professional experience leading or contributing to the development or continuous improvement of third-party risk management playbooks, assessment templates, or standard operating procedures, including training or change management efforts to promote adoption and consistency.
  • One (1) year of professional experience implementing, managing, and leading automation and process improvement initiatives within the ServiceNow Third-Party Risk Management module, including assessment workflows and enhanced risk analysis automation.
  • Three (3) years of professional experience analyzing and effectively communicating complex third-party risk issues, findings, and mitigation strategies to both technical and non-technical stakeholders through written documentation and verbal briefings.
  • Demonstrated ability to adapt third-party risk processes and frameworks in response to emerging threats, changes in regulatory requirements, or evolving business needs.
  • Ability to gain and maintain effective cross-functional working relationships and collaborate with vendors, clients, legal, procurement, or other business units to align third-party risk assessments with contract requirements, onboarding, procurement workflows, and governance objectives.
  • Working knowledge of control frameworks, including NIST 800-53, NIST 800-161, and ISO 27001, with demonstrated application of these frameworks to vendor security evaluations and regulatory compliance.
  • Working knowledge of the State of Illinois Information Security Program, procurement processes, and other similarly relevant compliance obligations related to vendor oversight and third-party risk management.
  • Certified Information Systems Auditor (CISA), Certified Third-Party Risk Assessor (CTPRA), Certified in Risk and Information Systems Control (CRISC), or equivalent.

 

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.

  • Requires the ability to verify identity and requires employment authorization to accept a permanent full-time position with the State of Illinois.
  • Requires the ability to pass a position-specific, agency-required background check and requires self-disclosure of criminal history.
  • Requires the ability to travel in the performance of duties.
  • Requires the ability to work outside of normal hours to meet deadlines and requires the ability to work overtime including scheduled, unscheduled, short notice, evening, weekends, and holidays.
  • Requires the ability to use agency supplied equipment such as laptop, personal computer, work cell phone, etc.
  • Requires the ability to attend seminars, conferences, and training to remain current on methods, tools, ideologies, or other industry-related topics relevant to job duties.
  • Requires the ability to lift and carry objects or equipment weighing up to 10 pounds. This is considered sedentary work as defined by the U.S. Department of Labor (20 CFR 404.1567(a)). Sedentary work involves lifting no more than 10 pounds at a time and requires occasional lifting, carrying, walking, and standing. 
  • Requires adherence to the revolving door restrictions outlined in 5 ILCS 430/5-45. Consequently, employees should be aware that in the event of receiving a non-State employment offer during state employment or within one year immediately following the termination of State employment, they are required to inform the Office of the Executive Inspector General for the Agencies (OEIG) of the Illinois Governor before accepting such non-State employment. Failure to notify the OEIG may result in the imposition of a fine.
  • Requires compliance with the provisions outlined in section 4A-101 of the Illinois Governmental Ethics Act, necessitating the occupant of this position to file a Statement of Economic Interest. Pursuant to the Illinois Governmental Ethics Act (5 ILCS 420/4A et seq.), specific state officials and employees are required to annually submit Statements of Economic Interest to the Office of the Secretary of State, which will be accessible to the public for examination and copying. Employees subject to this requirement must also file a Supplemental Statement of Economic Interest with the Executive Ethics Commission, as specified in Executive Order 15-09. Failure to submit these statements in a timely manner may result in fines and penalties.
  • The conditions of employment listed are incorporated and/or related to any duties included in the position description.