Information Security Analyst
Third Party Risk, Onsite-Hybrid
Posted on 10/18/2023
First American

10,001+ employees

Title insurance & professional settlement services
Company Overview
First American is on a mission to provide comprehensive title insurance protection and professional closing/settlement services that produce clear property titles and enable the efficient transfer of real estate.
Data & Analytics
Real Estate

Company Stage


Total Funding





Santa Ana, California

Growth & Insights

6 month growth


1 year growth


2 year growth

Orange, CA, USA
Experience Level
Desired Skills
IT & Security
  • Must have working knowledge of compliance regulations (GLBA, FFIEC, GDPR, CCPA, SOX, HIPPA, OCC), and Information Security governance standards and control frameworks; strong analysis, independent decision making skills and ability to work effectively with all levels of the organization
  • Generally requires a BS Degree in Computer Science, Information Technology, or equivalent work experience
  • Must have minimum 3 years information security experience
  • Must have 2+ years of experience performing third-party information security risk assessments or audits
  • Experience in defining third-party risk management strategy and implementing frameworks
  • Experience in developing audit and risk assessment reports
  • Experience in managing vendor relationships
  • Certification: CTPRP, CTPRA, or CISSP preferred
  • Pay Range: $69,900- $116,490 annual
  • This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location
  • #LI-BL1
  • Responsible for performing information security and business continuity risk assessments on third-party service providers (vendors) and monitoring and reporting on the remediation of deficiencies
  • Completes comprehensive information security risk assessments on potential and existing third-party service provider relationships
  • Evaluates third-party service provider engagements to asses, identify, and articulate areas of risk
  • Act as a liaison between business owners and third-party service providers to complete risk assessment activities and to establish and track acceptable risk mitigation actions
  • Participates in identifying process requirements and for specific business needs
  • Creates and generates reports; researches and analyzes data and reports trends to management/ business partners
  • Keeps abreast of industry and third-party risk security management practices and advancements and incorporates that knowledge into daily work activities
  • Coordinates, monitors or otherwise performs periodic vendor performance reviews for adherence to contractual SLAs
  • Identifies/receives problem, researches alternatives, prepares presentations, drives resolutions, gains consensus, and implements solutions for defined business processes
  • Under general supervision, oversees a small to medium scale projects or phases of a larger project
  • Maintains strict confidentiality in all matters dealing with information security matters deemed confidential by management