StaffAttract
Third Party Governance, Risk and Compliance (GRC) ...

Veracity - Los Angeles, CA


Job Description

Third Party Governance, Risk and Compliance (GRC) Analyst
Los Angeles, California - Hybrid - 3 Days Onsite
Full Time

The Analyst will be a key player in overseeing third-party vendor risk, ensuring regulatory compliance, and supporting enterprise GRC initiatives. The ideal candidate brings hands-on experience with GRC processes, strong familiarity with risk frameworks, and an aptitude for cross-functional collaboration.

Key Responsibilities:
  • Manage the full Third Party Risk Management (TPRM) lifecycle from vendor onboarding to offboarding
  • Perform initial and ongoing risk assessments of third-party vendors, focusing on data privacy and cybersecurity
  • Request, analyze, and track vendor due diligence documentation (e.g., SOC reports, SIG questionnaires, security policies)
  • Evaluate third-party security controls in line with the firm's risk management framework
  • Collaborate with Procurement and Legal teams to support contract and compliance reviews
  • Coordinate with vendors and internal stakeholders on remediation plans and tracking risk mitigation
  • Assist with client compliance requests, including questionnaires and assessments
  • Maintain and report on key risk metrics, supporting periodic reviews and audits
  • Contribute to the automation and optimization of GRC workflows and tools
  • Stay updated on industry regulations (e.g., GDPR, CCPA) and best practices (e.g., NIST, ISO)
  • Provide training and guidance to business units on GRC processes and vendor compliance expectations
  • Participate in GRC program improvement initiatives and ad hoc security projects

Required Skills & Qualifications:
  • Minimum 3 years of experience in Third Party Risk Management, GRC, or a related security/governance field
  • Proven track record in highly regulated environments such as finance, legal, or consulting (Big 4 experience is a plus)
  • Strong understanding of GRC domains: compliance, enterprise risk, vendor resilience
  • Familiarity with security and privacy frameworks such as NIST CSF, ISO 27001, GDPR, CCPA
  • Highly organized with strong attention to detail and the ability to manage multiple priorities independently
  • Excellent written and verbal communication skills with experience engaging cross-functional stakeholders
  • Proficient in tools like Excel, Confluence, and common risk assessment platforms

Preferred Certifications (Nice to Have):
  • CTPRP, CRISC, CISA, CISM, or similar industry certifications

Created: 2026-03-04
