Senior Third-Party Risk Management Analyst

WHAT MAKES US EPIC?

At the core of Epic’s success are talented, passionate people. Epic prides itself on creating a collaborative, welcoming, and creative environment. Whether it’s building award-winning games or crafting engine technology that enables others to make visually stunning interactive experiences, we’re always innovating.

Being Epic means being a part of a team that continually strives to do right by our community and users. We’re constantly innovating to raise the bar of engine and game development.

COMPLIANCE

What We Do

We help the company do the right thing by identifying, monitoring, and reporting on potential risks in order to support the company’s goal of promoting trust in our products and services.

What You'll Do

As a Senior Third-Party Risk Management (TPRM) Analyst, you will play a key role in protecting Epic’s ecosystem by leading security-focused due diligence and ongoing oversight of third-party service providers. You will take ownership of high-impact assessments, leverage your deep knowledge of information security and GRC frameworks, and serve as a strategic partner in maturing our third-party risk program. This role will be critical in ensuring third parties align with Epic’s security, privacy, and compliance standards, especially within a fast-paced, evolving regulatory environment.

In this role, you will

• Lead third-party risk assessments with a focus on Information Security and GRC, evaluating inherent and residual risks to drive risk-informed decision-making
• Perform in-depth due diligence on prospective and existing vendors, with an emphasis on cybersecurity controls, regulatory compliance (e.g., GDPR, SOC 2, ISO 27001), and data protection practices
• Manage periodic reassessments of high-risk and critical vendors to monitor for emerging threats, changes in control environments, and compliance posture
• Ensure integrity, consistency, and audit-readiness of third-party data within the GRC platform, supporting executive reporting and regulatory compliance
• Collaborate with key stakeholders across Information Security, Privacy, Legal, Procurement, and Business Units to integrate third-party risk insights into broader enterprise risk initiatives
• Provide expert guidance during third-party offboarding, ensuring risk is appropriately retired and that data retention, access, and continuity controls are validated
• Support external audits, internal investigations, and regulatory inquiries by preparing accurate and timely responses related to TPRM practices and control effectiveness while contributing to the enhancement of TPRM policies, playbooks, and metrics to continuously mature the program

What we're looking for

• 5+ years of experience in third-party risk management, information security, IT audit, or GRC, preferably within Gaming, Technology, or Consulting
• Deep understanding of security risk assessment frameworks and best practices (e.g., NIST, ISO 27001, SIG, CSA, etc.)
• Proficiency in GRC platforms such as Archer, OneTrust, ServiceNow, or similar tools, with the ability to lead data analysis and system improvements
• Demonstrated ability to identify and assess security, privacy, and operational risks with a practical and solutions-oriented mindset
• Excellent verbal and written communication skills, with the ability to influence and challenge stakeholders at all levels while maintaining constructive relationships
• Comfortable navigating ambiguity, leading through change, and managing complex or sensitive third-party issues
• Experience with regulatory requirements related to vendor management and data security is strongly preferred
• Comfortable working in a cross-functional environment and adapting to changing business and regulatory requirements

EPIC JOB + EPIC BENEFITS = EPIC LIFE

Our intent is to cover all things that are medically necessary and improve the quality of life. We pay 100% of the premiums for both you and your dependents. Our coverage includes Medical, Dental, a Vision HRA, Long Term Disability, Life Insurance & a 401k with competitive match. We also offer a robust mental well-being program through Modern Health, which provides free therapy and coaching for employees & dependents. Throughout the year we celebrate our employees with events and company-wide paid breaks. We offer unlimited PTO and sick time and recognize individuals for 7 years of employment with a paid sabbatical.

ABOUT US

Epic Games spans across 25 countries with 46 studios and 4,500+ employees globally. For over 25 years, we've been making award-winning games and engine technology that empowers others to make visually stunning games and 3D content that bring environments to life like never before. Epic's award-winning Unreal Engine technology not only provides game developers the ability to build high-fidelity, interactive experiences for PC, console, mobile, and VR, it is also a tool being embraced by content creators across a variety of industries such as media and entertainment, automotive, and architectural design. As we continue to build our Engine technology and develop remarkable games, we strive to build teams of world-class talent.

Like what you hear? Come be a part of something Epic!

Epic Games deeply values diverse teams and an inclusive work culture, and we are proud to be an Equal Opportunity employer. Learn more about our Equal Employment Opportunity (EEO) Policy here.

Note to Recruitment Agencies: Epic does not accept any unsolicited resumes or approaches from any unauthorized third party (including recruitment or placement agencies) (i.e., a third party with whom we do not have a negotiated and validly executed agreement). We will not pay any fees to any unauthorized third party. Further details on these matters can be found here.