GRC Consultant Third party risk management

Hunt Valley, MD, US • Posted 2 hours ago • Updated 2 hours ago
Full Time
On-site
$120,000 - $150,000/yr

Job Details

Skills

  • GRC
  • Governance
  • Risk
  • Compliance
  • EMC RSA Archer
  • RSA Archer
  • Onspring
  • BitSight
  • UpGuard
  • Security Scorecard
  • ServiceNow
  • ISO/IEC 27001:2005
  • RSA
  • Security Controls
  • Security Engineering
  • Procurement
  • Security Operations
  • SAP GRC
  • Risk Management
  • Auditing
  • Cloud Computing
  • Cyber Security
  • Data Security
  • Reporting
  • Risk Assessment
  • Supply Chain Management
  • System On A Chip
  • Information Security
  • Collaboration
  • Communication
  • Computer Science
  • Continuous Improvement
  • SaaS
  • Documentation
  • Leadership
  • Legal
  • Management
  • Organized
  • Privacy
  • Articulate
  • SOC 2
  • ISO 27001

Summary

Job Role: GRC Consultant Third party risk management

Location: Hunt Valley, MD

Job Description:

Must Have Technical/Functional Skills

  • Individual who can independently assess vendor risk, evaluate control effectiveness, and align security practices with enterprise policies and cybersecurity best practices.
  • Aware of enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001.
  • Experience with GRC and risk intelligence platforms such as RSA Archer, Onspring, BitSight, UpGuard, Security Scorecard, ServiceNow, or similar tools to manage risk lifecycle activities.
  • Operate independently in a fast-paced environment, managing multiple concurrent assessments while maintaining high-quality documentation and professional integrity.
  • Must be a strong, clear, and concise communicator who is self-starting and can remain organized when faced with multiple assignments that require granular-level tracking.

Roles & Responsibilities

  • Lead and execute end-to-end third-party/vendor risk assessments across technology, supply chain, SaaS, and hybrid environments, identifying control gaps and recommending risk mitigation strategies.
  • Perform deep technical reviews of solution, application, and solution architectures, security controls, and cloud solutions from a security engineering perspective, translating findings into actionable remediation guidance.
  • Conduct hands-on SOC 2 analysis, evaluate control design and operating effectiveness, and clearly articulate control gaps and risk impacts to stakeholders.
  • Ensure alignment of third-party assessments and internal practices with enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001.
  • Leverage and administer GRC and risk intelligence platforms such as RSA Archer, Onspring, BitSight, UpGuard, Security Scorecard, ServiceNow, or similar tools to manage risk lifecycle activities.
  • Coordinate with business partners such as Legal, Procurement, IT, Privacy, Audit, and Security Operations to drive timely assessment completion and remediation tracking.
  • Develop and report meaningful risk metrics and program insights to leadership, demonstrating effectiveness and continuous improvement of the TPRM program.
  • Contribute to the development, enhancement, and rationalization of information security policies, standards, and exception processes based on risk findings and industry best practices.
  • Communicate complex technical and risk concepts clearly to both technical and non-technical stakeholders; build trusted relationships across business units.

Generic Managerial Skills, If any

  • Good communication and reporting skills
  • Ability to communicate complex technical and risk concepts clearly to both technical and non-technical stakeholders; build trusted relationships across business units

Education

Bachelor's Degree in Computer Science

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10217521
  • Position Id: 8930337