Job Title: GRC (3rd Party Risk) Analyst
Duration: 12 - 24 Month Project Engagement
Role Summary: The GRC Analyst is responsible for managing Client's governance, risk, and compliance functions, with a specific focus on third-party risk management. This role ensures Client operates in a compliant manner, manages its risk register, and handles security exceptions and audits.
Key Responsibilities:
• Manages the identification, assessment, and documentation of cybersecurity risks within a comprehensive risk register for Client.
• Manages Client's GRC platform, serving as the primary administrator and optimizing its use.
• Manages security exception requests from various Client business units.
• Ensures continuous compliance across Client functions by confirming adherence to the NIST Cybersecurity Framework (CSF) controls.
• Manages and coordinates compliance audits and assessments for Client both internal and external.
• Assesses third-party vendors, ensures compliance with cybersecurity requirements, supports governance and risk reporting.
• Evaluates vendor business continuity and disaster recovery capabilities.
Qualifications:
• Bachelor's degree in Information Security, Business, or a related field.
• 3-5 years of experience in GRC, risk management, or compliance roles.
• Strong knowledge of compliance frameworks (NIST CSF, ISO 27001).
• Experience with GRC platforms and risk registers.
• Excellent analytical and communication skills.
• Relevant certifications such as CRISC, CISA, or Security+.
Reports to: Chief Information Security Officer (CISO)