Oxford Solutions
Third Party Governance, Risk and Compliance Analyst
Oxford Solutions, Los Angeles, California, United States, 90079
Oxford Solutions is currently seeking an experienced Third Party Governance, Risk, and Compliance (GRC) Analyst to join the InfoSec team of a global law firm. This is a direct hire role offering the opportunity to make a strategic impact in a professional and security-conscious environment.
As the GRC Analyst, you will help lead the execution of Third Party Risk Management (TPRM), Client Compliance, and IT Risk Management initiatives. Your work will support vendor due diligence, ongoing risk assessments, and cross-functional compliance monitoring.
Responsibilities
Collaborate with the TPRM Manager across the vendor lifecycle, from onboarding to offboarding
Facilitate due diligence and risk evaluations of third-party vendors, services, and systems
Review and track vendor security documentation, including SOC2 reports, SIG questionnaires, and cyber risk policies
Assist in evaluating vendor cybersecurity controls and identifying associated risks
Provide support in contractual reviews with Procurement and Contracts Administration
Assist in client compliance tasks including risk assessments and client audit response coordination
Coordinate with the InfoSec team and stakeholders to document and track risk mitigation and remediation plans
Maintain knowledge of relevant industry standards (NIST, ISO) and regulations (GDPR, CCPA)
Contribute to continuous improvement and automation of the GRC program
Support ad hoc GRC projects and maintain key performance metrics
Requirements
3+ years of experience in GRC, TPRM, or a related compliance/risk function
Experience in a regulated industry (legal, finance, or Big 4 consulting background a plus)
Strong knowledge of third-party risk and GRC best practices
Familiarity with cybersecurity frameworks (NIST, ISO), data privacy regulations (GDPR, CCPA), and supplier risk programs
Proficient with MS Excel; experience using Confluence or similar tools
Excellent organizational, communication, and analytical skills
Ability to manage multiple priorities in a fast-paced, high-accountability setting
Detail-oriented and self-motivated
Strong interpersonal skills and ability to collaborate across departments
Third Party Governance, Risk, and Compliance (GRC) Analyst - 25-00451