GRC Analyst (Third Party Risk)

About The Position

Requirements

• Bachelor’s degree in Information Security, Risk Management, Computer Science, or related field.
• 3+ years of experience in third-party risk management, GRC, or cybersecurity compliance.
• Demonstrated experience conducting vendor risk assessments and managing third-party compliance programs.
• Strong understanding of security and privacy frameworks: NIST, ISO, HITRUST, SOC 2, GDPR.
• Experience with ServiceNow GRC or similar platforms for vendor risk workflows.
• Excellent written and verbal communication skills for both technical and non-technical audiences.
• Strong organizational skills with the ability to manage multiple vendor risk assessments simultaneously.
• For this remote first role candidates must reside, at the time of application, in Wisconsin, Illinois or Iowa and be able to travel to our Brookfield, Wisconsin offices for required interviews and onboarding.

Responsibilities

• Execute the third-party risk assessments which may include vendor onboarding, due diligence, risk assessments, remediation, and ongoing monitoring.
• Collaborate with internal stakeholders and senior security professionals to ensure vendor contracts align with security and compliance requirements.
• Evaluate vendor controls against frameworks such as HITRUST, SOC 2, ISO 27001, and GDPR.
• Support internal and external audits involving third-party risk components and regulatory frameworks.
• Maintain alignment with industry standards and evolving regulations impacting vendor risk and compliance.
• Utilize platforms such as ServiceNow GRC to track vendor risk assessments, issues, and remediation plans.
• Partner with team to improve assessment processes and reporting.
• Provide regular dashboards and reports summarizing vendor risk posture, compliance gaps, and remediation progress.

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Work From Home availability