DevRabbit IT Solutions
Website: devrabbit.com
Job details:
Job Title : GRC Analyst
Client : Juniper Square
Location : Remote
Job Description
Shift Timings: 3pm IST to 11pm IST
About your role
The GRC Analyst is responsible for supporting the organisation's GRC program, including the third-party risk management program. The ideal candidate will have a strong understanding of, and experience building, scalable, right-sized risk processes compliant with applicable laws and customer commitments. The successful candidate will also possess strong analytical and problem-solving skills, as well as excellent communication and interpersonal skills. This role will work closely with a broad set of cross-functional stakeholders within the company and should be able to build rapport and influence stakeholders towards appropriate risk management outcomes.
What you’ll do
- Carry out the vendor and contractor risk assessment process during onboarding, adhering to a defined Service Level Agreement (SLA).
- Conduct annual vendor monitoring and re-assessment processes for existing vendors.
- Maintain the vendor inventory and collaborate with vendors on an ongoing basis to reduce identified risks.
- Triage incoming technical security requests for vendor application/system integrations and route to appropriate teams for input.
- Help mature the classification and management framework for critical vendors.
- Benchmark, identify, drive, and manage improvements to the vendor security risk management program.
- Develop, maintain, and analyze reporting and metrics to provide leadership with clear visibility into the vendor and third-party risk posture.
1. Customer Trust and Assurance
- Compliance
  - Work with cross-functional teams to procure controls evidence, provide it to external auditors on time, and issue reports on time.
  - Monitor and test the effectiveness of compliance control health throughout the year, not just during audits.
- Customer Trust
  - Maintain our trust center by keeping security documents and the knowledge base up to date.
  - Support sales teams with open security and privacy questions.
  - Support customer security and privacy audits.
2. Governance
- Policy Management
  - Update policies and procedures annually, incorporating stakeholder feedback and obtaining approval.
  - Define and manage incoming policy exceptions on an ongoing basis to manage associated risk.
- Security and Privacy Training and Awareness
  - Develop and implement role- and team-specific security and privacy training, working closely with key business partners.
  - Manage the roll-out, escalation and completion of all security and privacy training modules.
3. GRC Metrics and Reporting
- Collect and report on key GRC performance metrics.
4. Risk Management
- Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risk areas.
Qualifications
- Bachelor's degree in information systems, engineering, business, risk management, or a related field
- 5+ years of security/GRC experience, including substantial experience with vendor security risk management and performing vendor security reviews/audits.
- Proven experience in managing and improving vendor security risk programs, including familiarity with vendor security questionnaires for third-party assessments.
- Direct experience, knowledge and understanding of major security frameworks, regulations, and standards such as SOC 2 and ISO 27001.
- Experience working effectively with diverse teams to influence security and compliance outcomes across the organization (e.g., Procurement, IT, Security, Engineering, Legal)
- Experience developing and maintaining scalable GRC processes
- Ability to partner with stakeholders collaboratively to implement a scalable approach to TPRM
- Excellent communication and interpersonal skills
Nice to Have
- Prior experience with major GRC software solutions