Job Description
Our client, an Am 100 law firm, is seeking a Third-Party Governance, Risk, and Compliance (GRC) Analyst to join its Information Security team. This position plays a key role in executing the Third Party GRC function, with a focus on Third Party Risk Management (TPRM), Client Compliance, and IT Risk Management.
The Analyst will facilitate activities across the GRC lifecycle, including due diligence, ongoing assessments, and monitoring of third-party vendors to ensure compliance with internal standards and regulatory requirements.
Key Responsibilities:
- Support the full lifecycle of Third-Party Risk Management from onboarding to offboarding
- Conduct initial and ongoing risk assessments of third-party vendors to identify potential privacy and security risks
- Request, track, and analyze vendor due diligence documentation (e.g., SIG questionnaires, SOC reports, security policies)
- Coordinate with internal stakeholders and vendors to identify, document, and monitor risk remediation efforts
- Evaluate vendor cybersecurity controls and align them with the organization's risk management framework
- Collaborate with Contracts/Procurement teams on reviews related to vendor engagements
- Assist in client compliance efforts, including questionnaire responses and stakeholder coordination
- Maintain key risk metrics and support risk reporting processes
- Contribute to continuous improvement and automation of GRC processes
- Stay current with regulatory developments (e.g., GDPR, CCPA) and industry frameworks (e.g., NIST CSF, ISO)
- Provide training and guidance to cross-functional stakeholders on GRC procedures
- Participate in various ad hoc projects and GRC program enhancements
Required Skills & Experience:
- Minimum 3 years of experience in Third Party Risk Management, GRC, or related fields
- Experience in highly regulated industries such as finance or consulting (Big 4 experience a plus)
- Strong knowledge of GRC domains including compliance, risk management, and supplier resiliency
- Familiarity with privacy and security frameworks (e.g., NIST, ISO, GDPR, CCPA)
- Highly organized, detail-oriented, and able to work independently
- Excellent communication and stakeholder engagement skills
- Proficiency with tools such as Excel, Confluence, and risk assessment platforms