IT Risk and Compliance Analyst at Rollins Inc
Atlanta, GA 30324, USA
Full Time


Start Date

Immediate

Expiry Date

02 Aug, 25

Salary

0.0

Posted On

03 May, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Risk Management Tools, Information Security, Interpersonal Skills, CISA, Security Controls, Platforms, Assessment Methodologies, Regulatory Requirements, ISO

Industry

Financial Services

Description

READY FOR YOUR NEXT CHALLENGE? WE ARE SEEKING TOP TALENT TO JOIN THE CYBER SECURITY TEAM!!

We are seeking a dedicated and detail-oriented IT Risk and Compliance Analyst specializing in Governance, Risk, and Compliance (GRC) and Cybersecurity to join our growing team. This role is responsible for identifying, assessing, and mitigating organizational IT risks, including third-party risks. The ideal candidate will have experience managing organizational risks, overseeing third-party relationships, and ensuring that security controls are effectively integrated into these partnerships to protect the organization’s sensitive data systems.

SKILLS AND COMPETENCIES:

  • The ideal candidate will have strong knowledge of risk management, regulatory requirements, and security controls, as well as a track record of supporting GRC programs
  • Solid knowledge of security frameworks and standards (e.g., NIST, PCI, ISO 27001, SOC 2, GDPR, etc.)
  • Familiarity with risk management tools and platforms
  • Strong understanding of regulatory and compliance requirements related to third-party security
  • Excellent analytical and problem-solving skills
  • Ability to communicate complex security concepts effectively to both technical and non-technical stakeholders
  • Strong interpersonal skills and the ability to collaborate with cross-functional teams
  • Ability to work independently and in a team environment

RESPONSIBILITIES:

  • THIRD-PARTY RISK ASSESSMENT: Conduct comprehensive risk assessments of third-party vendors and service providers, evaluating their security posture, policies, procedures, and controls. Identify any vulnerabilities and work with stakeholders to ensure proper mitigation plans are in place.
  • DUE DILIGENCE & VENDOR EVALUATION: Support the due diligence process by evaluating the security and compliance frameworks of potential vendors. Ensure vendors meet the organization’s security standards and regulatory requirements before formal agreements are made.
  • RISK ASSESSMENT & ANALYSIS: Identify and evaluate security risks related to information systems, applications, and data. Perform risk assessments to determine the likelihood and impact of potential threats.
  • RISK MITIGATION: Collaborate with cross-functional teams to develop, implement, and monitor risk mitigation strategies, including technical controls, process improvements, and security policies.
  • SECURITY COMPLIANCE & AUDITS: Ensure compliance with security frameworks (e.g., NIST, ISO 27001) and relevant laws (e.g., GDPR, HIPAA, SOX). Support internal and external security audits.
  • REPORTING & DOCUMENTATION: Create and maintain comprehensive risk assessment reports, dashboards, and documentation to track and communicate security risk status to senior management.
  • CONTINUOUS MONITORING & REPORTING: Continuously monitor third-party vendors’ security practices and compliance status throughout the lifecycle of the partnership. Develop and present regular reports to management on third-party risk status and recommended actions.
  • COLLABORATION WITH BUSINESS UNITS: Work closely with procurement, legal, and other business units to integrate security requirements into vendor contracts and agreements. Provide guidance and support to business teams in managing vendor relationships with a focus on security.
  • POLICY & PROCEDURE DEVELOPMENT: Develop, review, and update internal policies and procedures related to third-party risk management. Ensure that these align with industry best practices, compliance frameworks, and regulatory requirements.