DevRabbit It Solutions Inc.

GRC Analyst

5-7 Years
  • Posted 3 hours ago

Job Description

Job Title: GRC Analyst

Client: Juniper Square

Location: Remote

Shift Timings: 3pm IST to 11pm IST

About your role

The GRC Analyst is responsible for supporting the organisation's GRC program including the third-party risk management program. The ideal candidate will have a strong understanding and experience building scalable, right-sized risk processes compliant with applicable laws and customer commitments. The successful candidate will also possess strong analytical and problem-solving skills, as well as excellent communication and interpersonal skills. This role will work closely with a broad set of cross-functional stakeholders within the company and should be able to build a rapport and influence towards appropriate risk management outcomes.

What you'll do

  • Perform the vendor and contractor risk assessment process during onboarding, adhering to a defined Service Level Agreement (SLA).
  • Conduct annual vendor monitoring and re-assessment processes for existing vendors.
  • Maintain the vendor inventory and collaborate with vendors on an ongoing basis to reduce identified risks.
  • Triage incoming technical security requests for vendor application/system integrations and route to appropriate teams for input.
  • Help mature the classification and management framework for critical vendors.
  • Benchmark, identify, drive, and manage improvements to the vendor security risk management program.
  • Develop, maintain, and analyze reporting and metrics to provide leadership with clear visibility into the vendor and third-party risk posture.

1. Customer Trust and Assurance

  • Compliance
      • Work with cross-functional teams to procure controls evidence so that it is provided to external auditors on time and reports are issued on time.
      • Monitor and test the effectiveness of compliance control health throughout the year, not just during audits.
  • Customer Trust
      • Maintain our trust center by keeping security documents and the knowledge base up to date.
      • Support sales teams with open security and privacy questions.
      • Support customer security and privacy audits.

2. Governance

  • Policy Management
      • Update policies and procedures annually, incorporating stakeholder feedback and obtaining approval.
      • Define and manage incoming policy exceptions on an ongoing basis to manage associated risk.
  • Security and Privacy Training and Awareness
      • Develop and implement role- and team-specific security and privacy training, working closely with key business partners.
      • Manage the roll-out, escalation and completion of all security and privacy training modules.

3. GRC Metrics and Reporting

  • Collect and report on key GRC performance metrics

4. Risk Management

  • Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risk areas

Qualifications

  • Bachelor's degree in information systems, engineering, business, risk management, or a related field
  • 5+ years of security/GRC experience, including substantial experience with vendor security risk management and performing vendor security reviews/audits.
  • Proven experience in managing and improving vendor security risk programs, including familiarity with vendor security questionnaires for third-party assessments.
  • Direct experience, knowledge and understanding of major security frameworks, regulations, and standards such as SOC 2 and ISO 27001.
  • Experience working effectively with diverse teams to influence security and compliance outcomes across the organization (e.g., Procurement, IT, Security, Engineering, Legal)
  • Experience developing and maintaining scalable GRC processes
  • Ability to partner with stakeholders collaboratively to implement a scalable approach to TPRM
  • Excellent communication and interpersonal skills

Nice to Have

  • Prior experience with major GRC software solutions

Job ID: 147365679
