Role: GRC (3rd Party Risk) Analyst (Core GRC Candidate)
12 Months + possible extension
Irvine, CA, Orange County area. Note: Automotive/Automobile industry experience is mandatory.
Role Summary: The GRC Analyst is responsible for managing MNAO's governance, risk, and compliance functions, with a specific focus on third-party risk management. This role ensures MNAO operates in a compliant manner, maintains its risk register, and handles security exceptions and audits.
Key Responsibilities:
- Manages the identification, assessment, and documentation of cybersecurity risks within a comprehensive risk register for MNAO.
- Manages MNAO's GRC platform, serving as the primary administrator and optimizing its use.
- Documents and tracks exceptions, corrective actions, and risk treatment plans for MNAO business units.
- Ensures continuous compliance across MNAO functions by confirming adherence to the NIST Cybersecurity Framework (CSF) controls.
- Manages and coordinates compliance audits and assessments for MNAO, both internal and external.
- Assesses third-party vendors, ensures their compliance with cybersecurity requirements, and supports governance and risk reporting.
- Evaluates vendor business continuity and disaster recovery capabilities.
- Assists with the Security Awareness Training Program.
- Supports periodic review, updating, and dissemination of cybersecurity policies, standards, and procedures.
- Coordinates control testing and evidence collection to validate risk mitigation effectiveness.
- Supports compliance initiatives including SOX, PCI DSS, HIPAA, CCPA, and ISO 27001, as applicable.
Qualifications:
- Bachelor's degree in Information Security, Business, or a related field.
- Over 5 years of experience in GRC, risk management, or compliance roles.
- Strong knowledge of compliance frameworks (NIST CSF, ISO 27001).
- Strong understanding of IT and security controls, including access management, change control, and vulnerability management.
- Experience with GRC platforms and risk registers.
- Excellent analytical and communication skills.
- Relevant certifications such as CRISC, CISA, CGEIT, or Security+.