Grc analyst - junior.the associate governance, risk, and compliance (grc) analyst – third-party risk will play a key role in managing and assessing the risk posture of external partners, vendors, and service providers. This position will be responsible for executing the organization's third-party risk management (tprm) program, performing risk assessments, following standardized evaluation processes, and providing clear, data-driven risk ratings and recommendations to leadership. In addition to third-party assessments, the analyst will support broader grc initiatives, including policy management, control monitoring, compliance reviews, and risk reporting. Key responsibilities third-party risk management conduct comprehensive risk assessments of third-party vendors, suppliers, and partners based on established grc frameworks and procedures. Evaluate vendor controls across domains such as data protection, cybersecurity, business continuity, and regulatory compliance. Document and track assessment results, findings, and remediation efforts in accordance with internal grc standards. Provide clear, actionable risk ratings and summaries for leadership review and decision-making. Maintain consistent application of the standardized tprm process and contribute to process improvement initiatives. Governance, risk, and compliance support assist in maintaining the enterprise risk register and ensuring mitigation plans are monitored and updated. Support internal control reviews, compliance audits, and ongoing monitoring activities. Contribute to policy and procedure documentation, ensuring alignment with regulatory and industry frameworks (e.g., nist, gdpr yes ) / hipaa and hitrust no but the knowledge of the others yes. Help coordinate periodic risk reporting and key risk indicator (kri) dashboards for senior management.rsr participate in grc-related projects and system enhancements. Collaborate on continuous improvement initiatives to enhance automation, reduce risk, and improve user experience. General requirements 2–3 years of experience in governance, risk, and compliance (grc), it risk or cybersecurity compliance. Strong communication skills in english (written and verbal) to interact with global stakeholders. Knowledge of industry frameworks such as nist and gdpr (awareness level is acceptable; hands-on expertise not required). Experience documenting findings, risks, and remediation actions, with the ability to clearly communicate results to stakeholders. Basic understanding of third-party risk management (tprm) concepts, including vendor assessments and risk rating methodologies. Familiar with optro (previously auditboard)