Job title: GRC Analyst

Location:  REMOTE

Experience: 8-10+ Years

Mandatory Skills:

• Support Third-Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) initiatives

• Administer and leverage GRC platforms such as RSA Archer, Onspring, BitSight, UpGuard, SecurityScorecard, ServiceNow, or similar tools

• Lead and perform end-to-end third-party/vendor risk assessments across technology, SaaS, supply chain, and hybrid environments

• Identify control gaps and provide clear, actionable risk-mitigation recommendations

• Conduct deep technical reviews of solution architectures, application architectures, security controls, and cloud deployments

• Translate technical findings into clear remediation guidance for stakeholders

• Perform hands-on SOC 2 analysis, assessing design and operating effectiveness of controls

• Clearly communicate SOC 2 findings, control gaps, and risk exposure to technical and non-technical audiences

• Ensure alignment with enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001

• Collaborate with Legal, Procurement, IT, Privacy, Audit, and Security Operations teams to drive timely assessments and remediation tracking

• Develop and present meaningful risk metrics, dashboards, and program insights for leadership reporting

• Contribute to updates and enhancements of information security policies, standards, and exception processes

• Communicate complex security and risk concepts clearly to diverse stakeholders

• Build trusted cross-functional relationships supporting business units

• Work independently in a fast-paced environment and manage multiple simultaneous assessments

• Maintain high-quality documentation, strong organization, and professional integrity

• Strong, concise communicator with excellent written and verbal skills