SourcePro Search, LLC
3rd Party Governance, Risk and Compliance (GRC) Analyst (Law Firm...
SourcePro Search, LLC - Los Angeles, California, United States, 90011
Work at SourcePro Search, LLC
Overview
- View job
Overview
We are conducting a search for an experienced Third Party Governance, Risk and Compliance (GRC) Analyst with a minimum of three years' experience and a background in working with Big 4 consulting firms, financial institutions, or other highly regulated industries.
The ideal candidate will join the InfoSec team to assist in executing the Third Party GRC function, which includes Third Party Risk Management (TPRM), Client Compliance and IT Risk Management. This includes facilitating activities across the GRC lifecycle to identify and address risks related to TPRM, Client Compliance, IT Risk, and proven ability to support due diligence, ongoing risk assessments and monitoring across functional areas. The Third Party Governance, Risk and Compliance (GRC) Analyst will be responsible for coordinating GRC efforts, including the review of cybersecurity controls of third-party vendors and vendor hardware, software, and services in alignment with the organization's current IT risk management standards.
What You'll Do:
Work closely with the TPRM Manager in the key phases of the Third-Party Risk Management lifecycles from pre-onboarding to off boarding of vendor relationships; Assist in facilitating third party risk assessments for initial due diligence and ongoing evaluation of third-party vendor services to identify potential privacy and security related risks; Request, review and track vendor due diligence documents utilizing MS Excel and/or Confluence, including vendor follow up and due diligence analysis; Manage distribution and assist in the review of required vendor cyber risk documents, such as third-party risk assessment questionnaires (e.g., SIG), audited reports of controls (i.e., SSAE18, SOC2 Type II, etc.), vendor security policies and other information to support the identification and evaluation of potential outsourcing risks; Demonstrate a general understanding of industry standards (such as NIST CSF) and the regulatory landscape (such as GDPR) to assist in providing comprehensive assessments across the GRC domains; Work with third parties and internal stakeholders to identify, track and report identified issues and risk remediation efforts; Assist in executing GRC methodologies and provide training/guidance to Procurement, Departments and Key Stakeholders; Coordinate across the InfoSec team to evaluate the vendor's security controls and identify associated risks; Support the risk reporting and key metrics process; Work with Contracts Administration/Procurement to support contractual reviews for new and existing vendors; Support Client Compliance efforts, including assessment completion, webshare support, and coordination with clients and client stakeholders; Contributes to the continuous improvement, including automation where possible, of all aspects of the GRC program; Stay informed about the latest developments in the vendor risk management field and other GRC domains; and Support various ad hoc projects across the GRC team (e.g., program enhancements, process improvements, and other functions).
What You'll Bring:
At least 3 years of experience in Third Party Risk Management and GRC or related fields; Experience working with Big 4 consulting, financial or other heavily regulated industries; Demonstrate integrity, accountability, respect and commitment to the Firm; Demonstrate excellence in managing all functions of the job; Apply the knowledge and skills required to perform at the highest level; Demonstrate best practices in professional relationships; and Focus on job execution and achieving results. Strong understanding of the TPRM outsourcing lifecycle; Elevated knowledge in the GRC domains of TPRM, Compliance and Risk Management; Highly organized and detail oriented; Proactive and able to work independently; General knowledge of privacy and information security frameworks (e.g., NIST, ISO, etc.) and relevant regulatory requirements (e.g., GDPR, CCPA, etc.); Expertise on GRC trends and research to address potential security exposures; General understanding of GRC frameworks and principles; Strong written and verbal communication skills; and Knowledge of supplier resiliency requirements.
The ideal candidate will join the InfoSec team to assist in executing the Third Party GRC function, which includes Third Party Risk Management (TPRM), Client Compliance and IT Risk Management. This includes facilitating activities across the GRC lifecycle to identify and address risks related to TPRM, Client Compliance, IT Risk, and proven ability to support due diligence, ongoing risk assessments and monitoring across functional areas. The Third Party Governance, Risk and Compliance (GRC) Analyst will be responsible for coordinating GRC efforts, including the review of cybersecurity controls of third-party vendors and vendor hardware, software, and services in alignment with the organization's current IT risk management standards.
What You'll Do:
Work closely with the TPRM Manager in the key phases of the Third-Party Risk Management lifecycles from pre-onboarding to off boarding of vendor relationships; Assist in facilitating third party risk assessments for initial due diligence and ongoing evaluation of third-party vendor services to identify potential privacy and security related risks; Request, review and track vendor due diligence documents utilizing MS Excel and/or Confluence, including vendor follow up and due diligence analysis; Manage distribution and assist in the review of required vendor cyber risk documents, such as third-party risk assessment questionnaires (e.g., SIG), audited reports of controls (i.e., SSAE18, SOC2 Type II, etc.), vendor security policies and other information to support the identification and evaluation of potential outsourcing risks; Demonstrate a general understanding of industry standards (such as NIST CSF) and the regulatory landscape (such as GDPR) to assist in providing comprehensive assessments across the GRC domains; Work with third parties and internal stakeholders to identify, track and report identified issues and risk remediation efforts; Assist in executing GRC methodologies and provide training/guidance to Procurement, Departments and Key Stakeholders; Coordinate across the InfoSec team to evaluate the vendor's security controls and identify associated risks; Support the risk reporting and key metrics process; Work with Contracts Administration/Procurement to support contractual reviews for new and existing vendors; Support Client Compliance efforts, including assessment completion, webshare support, and coordination with clients and client stakeholders; Contributes to the continuous improvement, including automation where possible, of all aspects of the GRC program; Stay informed about the latest developments in the vendor risk management field and other GRC domains; and Support various ad hoc projects across the GRC team (e.g., program enhancements, process improvements, and other functions).
What You'll Bring:
At least 3 years of experience in Third Party Risk Management and GRC or related fields; Experience working with Big 4 consulting, financial or other heavily regulated industries; Demonstrate integrity, accountability, respect and commitment to the Firm; Demonstrate excellence in managing all functions of the job; Apply the knowledge and skills required to perform at the highest level; Demonstrate best practices in professional relationships; and Focus on job execution and achieving results. Strong understanding of the TPRM outsourcing lifecycle; Elevated knowledge in the GRC domains of TPRM, Compliance and Risk Management; Highly organized and detail oriented; Proactive and able to work independently; General knowledge of privacy and information security frameworks (e.g., NIST, ISO, etc.) and relevant regulatory requirements (e.g., GDPR, CCPA, etc.); Expertise on GRC trends and research to address potential security exposures; General understanding of GRC frameworks and principles; Strong written and verbal communication skills; and Knowledge of supplier resiliency requirements.