Job Description
Job Title: GRC (3rd Party Risk) Analyst
Duration: 12 - 24 Month Project Engagement
- Role Summary: The GRC Analyst is responsible for managing Client's governance, risk, and compliance functions, with a specific focus on third-party risk management. This role ensures Client operates in a compliant manner, manages its risk register, and handles security exceptions and audits.Key Responsibilities:
- Manages the identification, assessment, and documentation of cybersecurity risks within a comprehensive risk register for Client.
- Manages Client's GRC platform, serving as the primary administrator and optimizing its use.
- Manages security exception requests from various Client business units.
- Ensures continuous compliance across Client functions by confirming adherence to the NIST Cybersecurity Framework (CSF) controls.
- Manages and coordinates compliance audits and assessments for Client both internal and external.
- Assesses third-party vendors, ensures compliance with cybersecurity requirements, supports governance and risk reporting.
- Evaluates vendor business continuity and disaster recovery capabilities. Qualifications:
- Bachelor's degree in Information Security, Business, or a related field.
- 3-5 years of experience in GRC, risk management, or compliance roles.
- Strong knowledge of compliance frameworks (NIST CSF, ISO 27001).
- Experience with GRC platforms and risk registers.
- Excellent analytical and communication skills.
- Relevant certifications such as CRISC, CISA, or Security+. Reports to: Chief Information Security Officer (CISO)
Apply tot his job
Apply To this Job