GRC (3rd Party Risk) Analyst

Job Title: GRC (3rd Party Risk) Analyst Duration: 12 - 24 Month Project Engagement Role Summary: The GRC Analyst is responsible for managing Client's governance, risk, and compliance functions, with a specific focus on third-party risk management. This role ensures Client operates in a compliant manner, manages its risk register, and handles security exceptions and audits. Key Responsibilities: • Manages the identification, assessment, and documentation of cybersecurity risks within a comprehensive risk register for Client. • Manages Client's GRC platform, serving as the primary administrator and optimizing its use. • Manages security exception requests from various Client business units. • Ensures continuous compliance across Client functions by confirming adherence to the NIST Cybersecurity Framework (CSF) controls. • Manages and coordinates compliance audits and assessments for Client both internal and external. • Assesses third-party vendors, ensures compliance with cybersecurity requirements, supports governance and risk reporting. • Evaluates vendor business continuity and disaster recovery capabilities. Qualifications: • Bachelor's degree in Information Security, Business, or a related field. • 3-5 years of experience in GRC, risk management, or compliance roles. • Strong knowledge of compliance frameworks (NIST CSF, ISO 27001). • Experience with GRC platforms and risk registers. • Excellent analytical and communication skills. • Relevant certifications such as CRISC, CISA, or Security+. Reports to: Chief Information Security Officer (CISO) Apply tot his job