Cybersecurity Analyst, IT GRC

About The Position

Requirements

• 2+ years of experience in Third-Party Risk Management, Vendor Risk Assessments, or GRC-related roles
• Demonstrated experience conducting or supporting third-party risk assessments
• Strong understanding of information security and risk management concepts
• Proven ability to produce clear reporting, metrics, and dashboards
• Strong analytical, organizational, and documentation skills
• Ability to learn quickly, adapt to changing priorities, and manage multiple assessments simultaneously
• Effective written and verbal communication skills

Nice To Haves

• Experience with GRC or TPRM tools (e.g., Archer, ServiceNow GRC, OneTrust, Riskonnect, or similar)
• Familiarity with regulatory and industry standards impacting third-party risk
• Experience supporting audits or regulatory examinations
• Relevant certifications (e.g., CISA, CRISC, CISSP, CTPRP, or similar)

Responsibilities

• Execute end-to-end third-party and vendor risk assessments, including inherent risk scoring, due diligence reviews, and residual risk evaluation
• Review and analyze third-party artifacts such as SOC reports, ISO certifications, policies, procedures, and security questionnaires
• Identify control gaps, document risk issues, and track remediation activities with vendors and internal stakeholders
• Support onboarding of new vendors and periodic reassessments of existing third parties
• Maintain accurate third-party risk documentation in GRC or vendor risk management tools
• Develop, maintain, and enhance risk metrics, dashboards, and reporting for third-party risk
• Track key performance indicators (KPIs) and key risk indicators (KRIs) related to vendor risk, assessment cycle times, remediation status, and risk trends
• Prepare materials for leadership and executive-level reporting, translating risk data into clear, actionable insights
• Support audits, regulatory exams, and internal reviews related to third-party risk management
• Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives
• Support alignment with recognized frameworks and standards (e.g., NIST CSF, ISO 27001, SOC, FFIEC, or similar)
• Participate in continuous improvement of GRC processes, templates, and methodologies
• Collaborate with cross-functional teams including Security, IT, Legal, Procurement, Privacy, and Business Owners

Benefits

• Medical, Dental, and Vision Insurance on the first day of employment
• Flexible Spending Account and Dependent Care Account
• 401k with Profit Sharing
• 9+ holidays and discretionary time off structure
• Parental Leave – coverage for both primary and secondary caregivers
• Tuition Assistance Program and CPA support program with cash incentive upon completion
• Discretionary incentive compensation based on firm, group and individual performance
• Incentive compensation related to origination of new client sales
• Top rated wellness program
• Flexible working environment including remote and hybrid options