Job Title: Third Party GRC Analyst
Location: Remote CA metro areas (Century City, Los Angeles, San Diego, San Francisco, Palo Alto, Orange County)
Position: Full-Time Direct Hire
Join a Global Industry Leader!
Overview
TalentFish is currently hiring for a Third Party Governance, Risk, and Compliance (GRC) Analyst! This position is a key role within our client's Information Security team and supports the execution of Third Party Risk Management (TPRM), Client Compliance, and IT Risk Management programs.
Ideal Candidate
The ideal candidate will be a GRC Analyst with strong experience across the full GRC lifecycle and a demonstrated focus on identifying and mitigating third-party risks in highly regulated environments. Experience in industries such as financial services, banking, legal, or healthcare is strongly preferred. Candidates with backgrounds in Big 4 firms or similar professional services organizations will be highly considered.
WHAT YOU'LL DO:
The Third Party GRC Analyst will be responsible for:
- Supporting all phases of the TPRM lifecycle, from onboarding to offboarding vendors.
- Conducting third-party risk assessments to identify and mitigate privacy and security risks.
- Requesting, reviewing, and tracking due diligence documentation using MS Excel and/or Confluence.
- Reviewing vendor risk documentation (e.g., SIG questionnaires, SOC2 Type II, SSAE18 reports, policies, etc.).
- Applying knowledge of NIST CSF and regulatory frameworks (GDPR, etc.) in risk assessments.
- Collaborating with internal stakeholders to track and report on vendor issues and remediation.
- Coordinating InfoSec evaluations of vendor security controls.
- Assisting with key risk reporting and metrics development.
- Partnering with Procurement/Contracts teams to support vendor agreement reviews.
- Supporting Client Compliance efforts including assessment responses and coordination with clients.
- Contributing to continuous improvement initiatives within the GRC program (including automation).
- Staying current on developments in TPRM and GRC practices.
- Participating in various ad hoc GRC and risk-related projects.
WHAT YOU'LL NEED
Qualifications
- 3+ years of experience in Third Party Risk Management, GRC, InfoSec, or related roles.
- Experience working in highly regulated professional services industries (e.g., financial services, banking, legal services, healthcare, etc.) is strongly preferred.
- Experience working for a Big 4 Consulting Firm is a big PLUS!
- Demonstrated ability to manage vendor cybersecurity evaluations.
- Professionalism, accountability, and a commitment to excellence in risk and compliance.
Skills and Proficiencies
- Strong understanding of TPRM and the outsourcing lifecycle.
- Working knowledge of GRC best practices, frameworks, and principles.
- Familiarity with security and privacy regulations such as NIST, ISO, GDPR, CCPA.
- Highly organized with attention to detail and the ability to work independently.
- Strong written and verbal communication skills.
- Ability to collaborate with internal and external stakeholders across functions.
Compensation and Employment
This role requires authorization to work in the U.S. without current or future visa sponsorship. The expected salary range for this position is $90,000-$120,000 per year, depending on experience and qualifications. This role also qualifies for comprehensive benefits such as health insurance, 401(k), and paid time off. TalentFish is committed to pay transparency and equal opportunity. The salary range provided is in compliance with applicable state and federal regulations. All offers are contingent upon the completion of a background check, which may include but is not limited to reference checks, education verification, employment verification, drug testing, criminal records checks, and any required certifications or compliance requirements based on the end client's background check policies and applicable laws.
TalentFish is an employee-owned company pioneering a new realm in talent acquisition. We are redefining IT staffing by evolving AI, video screening, and our unique platform. TalentFish focuses on providing the best employee, consultant, and client experience possible. At TalentFish we are an Equal Opportunity Employer; we embrace and encourage diversity.