GRC Analyst - Junior

The Associate Governance, Risk, and Compliance (GRC) Analyst – Third-Party Risk will play a key role in managing and assessing the risk posture of external partners, vendors, and service providers.
This position will be responsible for executing the organization's third-party risk management (TPRM) program, performing risk assessments, following standardized evaluation processes, and providing clear, data-driven risk ratings and recommendations to leadership.

In addition to third-party assessments, the analyst will support broader GRC initiatives, including policy management, control monitoring, compliance reviews, and risk reporting.

Key responsibilities

Third-party risk management
- Conduct comprehensive risk assessments of third-party vendors, suppliers, and partners based on established GRC frameworks and procedures.
- Evaluate vendor controls across domains such as data protection, cybersecurity, business continuity, and regulatory compliance.
- Document and track assessment results, findings, and remediation efforts in accordance with internal GRC standards.
- Provide clear, actionable risk ratings and summaries for leadership review and decision-making.
- Maintain consistent application of the standardized TPRM process and contribute to process improvement initiatives.

Governance, risk, and compliance support
- Assist in maintaining the enterprise risk register and ensuring mitigation plans are monitored and updated.
- Support internal control reviews, compliance audits, and ongoing monitoring activities.
- Contribute to policy and procedure documentation, ensuring alignment with regulatory and industry frameworks.
- Help coordinate periodic risk reporting and key risk indicator (KRI) dashboards for senior management.
- Participate in GRC-related projects and system enhancements.
- Collaborate on continuous improvement initiatives to enhance automation, reduce risk, and improve user experience.

General requirements
- 1–3 years of experience in governance, risk, and compliance (GRC), IT risk or cybersecurity compliance.
- Strong communication skills in English (written and verbal) to interact with global stakeholders.

Nice to have:
- Knowledge of industry frameworks such as NIST and GDPR (awareness level is acceptable; hands-on expertise not required).
- Experience documenting findings, risks, and remediation actions, with the ability to clearly communicate results to stakeholders.
- Basic understanding of third-party risk management (TPRM) concepts, including vendor assessments and risk rating methodologies.