Cybersecurity Analyst, IT GRC

Aprio

Remote regions

US

Salary range

$80,000–$120,000/yr

Position Responsibilities:

  • Execute end-to-end third-party and vendor risk assessments, including inherent risk scoring, due diligence reviews, and residual risk evaluation
  • Review and analyze third-party artifacts such as SOC reports, ISO certifications, policies, procedures, and security questionnaires
  • Identify control gaps, document risk issues, and track remediation activities with vendors and internal stakeholders

Reporting, Metrics & Executive Support:

  • Develop, maintain, and enhance risk metrics, dashboards, and reporting for third-party risk
  • Track key performance indicators (KPIs) and key risk indicators (KRIs) related to vendor risk, assessment cycle times, remediation status, and risk trends
  • Prepare materials for leadership and executive-level reporting, translating risk data into clear, actionable insights

Broader GRC Support:

  • Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives
  • Support alignment with recognized frameworks and standards (e.g., NIST CSF, ISO 27001, SOC, FFIEC, or similar)
  • Participate in continuous improvement of GRC processes, templates, and methodologies

Aprio

Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.
