GRC Analyst - Junior
The Associate Governance, Risk, and Compliance (GRC) Analyst – Third-Party Risk will play a key role in managing and assessing the risk posture of external partners, vendors, and service providers. This position will be responsible for executing the organization's third-party risk management (TPRM) program, performing risk assessments, following standardized evaluation processes, and providing clear, data-driven risk ratings and recommendations to leadership.
In addition to third-party assessments, the analyst will support broader GRC initiatives, including policy management, control monitoring, compliance reviews, and risk reporting.
Key responsibilities
Third-party risk management
* Conduct comprehensive risk assessments of third-party vendors, suppliers, and partners based on established GRC frameworks and procedures.
* Evaluate vendor controls across domains such as data protection, cybersecurity, business continuity, and regulatory compliance.
* Document and track assessment results, findings, and remediation efforts in accordance with internal GRC standards.
* Provide clear, actionable risk ratings and summaries for leadership review and decision-making.
* Maintain consistent application of the standardized TPRM process and contribute to process improvement initiatives.
Governance, risk, and compliance support
* Assist in maintaining the enterprise risk register and ensuring mitigation plans are monitored and updated.
* Support internal control reviews, compliance audits, and ongoing monitoring activities.
* Contribute to policy and procedure documentation, ensuring alignment with regulatory and industry frameworks (e.g., NIST, GDPR; HIPAA and HITRUST knowledge is not required).
* Help coordinate periodic risk reporting and key risk indicator (KRI) dashboards for senior management.
* Participate in GRC-related projects and system enhancements.
* Collaborate on continuous improvement initiatives to enhance automation, reduce risk, and improve user experience.
General requirements
* 2–3 years of experience in governance, risk, and compliance (GRC), IT risk, or cybersecurity compliance.
* Strong communication skills in English (written and verbal) to interact with global stakeholders.
* Knowledge of industry frameworks such as NIST and GDPR (awareness level is acceptable; hands-on expertise not required).
* Experience documenting findings, risks, and remediation actions, with the ability to clearly communicate results to stakeholders.
* Basic understanding of third-party risk management (TPRM) concepts, including vendor assessments and risk rating methodologies.
* Familiarity with Optro (previously AuditBoard).