Remote Jobs

Third Party GRC Analyst

PayCompetitive
LocationRemote
Employment typeFull-Time

This job is now closed

Apply to similar jobs

  • Job Description

      Req#: 3629
      Our legal client is seeking a full time Third Party GRC Analyst to join their team.

      Remote, but must be in the Los Angeles, CA area

      Full time w/ benefits

      No sponsorships/No C2C

      The Third Party Governance, Risk and Compliance (GRC) Analyst will join the InfoSec team to assist in executing the Third Party GRC function, which includes Third Party Risk Management (TPRM), Client Compliance and IT Risk Management. This includes facilitating activities across the GRC lifecycle to identify and address risks related to TPRM, Client Compliance, IT Risk, and proven ability to support due diligence, ongoing risk assessments and monitoring across functional areas. The Third Party Governance, Risk and Compliance (GRC) Analyst will be responsible for coordinating GRC efforts, including the review of cybersecurity controls of third-party vendors and vendor hardware, software, and services in alignment with the organization's current IT risk management standards.

      In this capacity, the Third Party Governance, Risk and Compliance (GRC) Analyst will:
      • Work closely with the TPRM Manager in the key phases of the Third-Party Risk Management lifecycles from pre-onboarding to off boarding of vendor relationships;
      • Assist in facilitating third party risk assessments for initial due diligence and ongoing evaluation of third-party vendor services to identify potential privacy and security related risks;
      • Request, review and track vendor due diligence documents utilizing MS Excel and/or Confluence, including vendor follow up and due diligence analysis;
      • Manage distribution and assist in the review of required vendor cyber risk documents, such as third-party risk assessment questionnaires (e.g., SIG), audited reports of controls (i.e., SSAE18, SOC2 Type II, etc.), vendor security policies and other information to support the identification and evaluation of potential outsourcing risks;
      • Demonstrate a general understanding of industry standards (such as NIST CSF) and the regulatory landscape (such as GDPR) to assist in providing comprehensive assessments across the GRC domains;
      • Work with third parties and internal stakeholders to identify, track and report identified issues and risk remediation efforts;
      • Assist in executing GRC methodologies and provide training/guidance to Procurement, Departments and Key Stakeholders;
      • Coordinate across the InfoSec team to evaluate the vendor's security controls and identify associated risks;
      • Support the risk reporting and key metrics process;
      • Work with Contracts Administration/Procurement to support contractual reviews for new and existing vendors;
      • Support Client Compliance efforts, including assessment completion, webshare support, and coordination with clients and client stakeholders;
      • Contributes to the continuous improvement, including automation where possible, of all aspects of the GRC program;
      • Stay informed about the latest developments in the vendor risk management field and other GRC domains; and
      • Support various ad hoc projects across the GRC team (e.g., program enhancements, process improvements, and other functions).

      Proficiencies:
      • Strong understanding of the TPRM outsourcing lifecycle;
      • Elevated knowledge in the GRC domains of TPRM, Compliance and Risk Management;
      • Highly organized and detail oriented;
      • Proactive and able to work independently;
      • General knowledge of privacy and information security frameworks (e.g., NIST, ISO, etc.) and relevant regulatory requirements (e.g., GDPR, CCPA, etc.);
      • Expertise on GRC trends and research to address potential security exposures;
      • General understanding of GRC frameworks and principles;
      • Strong written and verbal communication skills; and
      • Knowledge of supplier resiliency requirements.

      Qualifications:
      • At least 3 years of experience in Third Party Risk Management and GRC or related fields;
      • Experience working with Big 4 consulting, financial or other heavily regulated industries;
      • Demonstrate integrity, accountability, respect and commitment to the Firm;
      • Demonstrate excellence in managing all functions of the job;
      • Apply the knowledge and skills required to perform at the highest level;
      • Demonstrate best practices in professional relationships; and
      • Focus on job execution and achieving results.

  • About the company

      The best remote jobs for you

Notice

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report. NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.

Other job opportunities

third party risk management jobs remote
remote grc analyst jobs in usa
it grc remote jobs
accounts payable analyst jobs remote in united states of america
analyst remote jobs
More information about Remote Jobs