GRC Analyst 8511

GRC Third Party Risk (TPR) Analyst What You'll Do: -Perform intake and periodic security risk and business impact assessments for vendors -Work with strategic sourcing to review contracts and provide recommendations regarding security riders -Influence purchasing decisions based on predetermined security criteria -Maintain the inventory of information assets and third parties -Monitor vendors for potential security incidents and act as the primary point of contact for incident investigations involving vendors -Create process documentation, including workflows, process maps, & controls -Provide periodic reporting, including key performance indicators (KPIs), to ensure process health and continued ability to meet business needs What We're Looking For: -3+ years of experience with third party risk management methodologies, including performing security risk assessments -Fluent in process improvement methodologies -Experience with regulatory compliance frameworks (e.g. SOX, SOC 2, ISO, NIST) -Experience with third party risk systems, including survey techniques and scoring systems -Solid understanding of how systems work, what security risks affect a variety of data, applications, and infrastructure, and how those risks translate to third parties -Experience solving complex, systemic issues that require creative thinking and solutions -Excellent verbal and written communication skills - you are able to easily translate business requirements into technical solutions and vice versa

Created: 2026-04-02