Third Party GRC Analyst

Remote, but must be in the PST time zone, no exceptions

Full time w/ benefits

No sponsorships/No C2C

The Third Party Governance, Risk and Compliance (GRC) Analyst will join the InfoSec team to assist in executing the Third Party GRC function, which includes Third Party Risk Management (TPRM), Client Compliance and IT Risk Management. This includes facilitating activities across the GRC lifecycle to identify and address risks related to TPRM, Client Compliance, IT Risk, and proven ability to support due diligence, ongoing risk assessments and monitoring across functional areas. The Third Party Governance, Risk and Compliance (GRC) Analyst will be responsible for coordinating GRC efforts, including the review of cybersecurity controls of third-party vendors and vendor hardware, software, and services in alignment with the organization s current IT risk management standards.

In this capacity, the Third Party Governance, Risk and Compliance (GRC) Analyst will:

• Work closely with the TPRM Manager in the key phases of the Third-Party Risk Management lifecycles from pre-onboarding to off boarding of vendor relationships;
• Assist in facilitating third party risk assessments for initial due diligence and ongoing evaluation of third-party vendor services to identify potential privacy and security related risks;
• Request, review and track vendor due diligence documents utilizing MS Excel and/or Confluence, including vendor follow up and due diligence analysis;
• Manage distribution and assist in the review of required vendor cyber risk documents, such as third-party risk assessment questionnaires (e.g., SIG), audited reports of controls (i.e., SSAE18, SOC2 Type II, etc.), vendor security policies and other information to support the identification and evaluation of potential outsourcing risks;
• Demonstrate a general understanding of industry standards (such as NIST CSF) and the regulatory landscape (such as GDPR) to assist in providing comprehensive assessments across the GRC domains;
• Work with third parties and internal stakeholders to identify, track and report identified issues and risk remediation efforts;
• Assist in executing GRC methodologies and provide training/guidance to Procurement, Departments and Key Stakeholders;
• Coordinate across the InfoSec team to evaluate the vendor s security controls and identify associated risks;
• Support the risk reporting and key metrics process;
• Work with Contracts Administration/Procurement to support contractual reviews for new and existing vendors;
• Support Client Compliance efforts, including assessment completion, webshare support, and coordination with clients and client stakeholders;
• Contributes to the continuous improvement, including automation where possible, of all aspects of the GRC program;
• Stay informed about the latest developments in the vendor risk management field and other GRC domains; and
• Support various ad hoc projects across the GRC team (e.g., program enhancements, process improvements, and other functions).

Proficiencies:

• Strong understanding of the TPRM outsourcing lifecycle;
• Elevated knowledge in the GRC domains of TPRM, Compliance and Risk Management;
• Highly organized and detail oriented;
• Proactive and able to work independently;
• General knowledge of privacy and information security frameworks (e.g., NIST, ISO, etc.) and relevant regulatory requirements (e.g., GDPR, CCPA, etc.);
• Expertise on GRC trends and research to address potential security exposures;
• General understanding of GRC frameworks and principles;
• Strong written and verbal communication skills; and
• Knowledge of supplier resiliency requirements.

Qualifications:

• At least 3 years of experience in Third Party Risk Management and GRC or related fields;
• Experience working with Big 4 consulting, financial or other heavily regulated industries;
• Demonstrate integrity, accountability, respect and commitment to the Firm;
• Demonstrate excellence in managing all functions of the job;
• Apply the knowledge and skills required to perform at the highest level;
• Demonstrate best practices in professional relationships; and
• Focus on job execution and achieving results.