Job Description:

Job Title: GRC Analyst
Function: Governance, Risk and Compliance (GRC)

Education:
Bachelor's degree in Information Technology, Information Security, Risk Management, Business Administration, Finance, or a related discipline. Professional certifications are a plus.

Role Overview:
The GRC Analyst is responsible for identifying, assessing, monitoring, and reporting risks associated with third-party vendors, service providers, and outsourced relationships. The role ensures that third-party engagements align with the organization's risk tolerance, regulatory requirements, and internal control standards. This position plays a critical role in operational resilience, cybersecurity risk management, regulatory compliance, and governance.

Key Responsibilities:

Risk Identification:
- Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects.
- Have a good understanding, from a security perspective, of how IT infrastructure systems and devices work, such as servers, virtualization, cloud, applications, databases, network switches, routers, firewalls, load balancers, etc.
- Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape.

Risk Assessment:
- Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors.
- Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing.
- Have a good understanding of systems and solutions such as Active Directory (AD), email, DNS, DLP, antivirus, EDR, SIEM, etc.
- Be able to articulate the business risks associated with technical vulnerabilities and risks.

Third-Party Risk Assessment & Monitoring:
- Perform end-to-end third-party risk assessments during onboarding, periodic reviews, and event-driven triggers.
- Assess vendor risks across multiple domains, including: Information Security; Data Privacy; Business Continuity & Disaster Recovery; Operational Risk; Regulatory and Compliance Risk.
- Evaluate vendor responses, supporting evidence, and attestations for adequacy and accuracy.

Issue Management & Remediation:
- Identify control gaps, weaknesses, and risk issues arising from third-party assessments.
- Work with vendors and internal stakeholders to define remediation plans.
- Track remediation actions and validate closure evidence.

Risk Reporting & Metrics:
- Maintain third-party risk registers, risk ratings, and issue logs.
- Prepare risk reports, dashboards, and key risk indicators (KRIs) for management.
- Support risk committees, governance forums, and senior leadership reporting.

Stakeholder & Vendor Engagement:
- Partner with procurement, legal, compliance, information security, privacy, and business teams.
- Act as a point of contact for third-party risk-related queries.
- Support contract reviews by providing risk inputs related to vendor engagements.

Regulatory, Audit & Governance Support:
- Support internal audits, regulatory examinations, and client due diligence requests related to third-party risk.
- Ensure alignment with applicable regulations and frameworks (e.g., FedRAMP, RBI, GDPR, ISO, SOC).
- Assist in maintaining third-party risk policies, standards, and procedures.

Process Improvement & Tooling:
- Contribute to improvements in TPRM processes, assessment methodologies, and workflows.
- Assist in enhancements or implementations of GRC platforms (e.g., Archer, ServiceNow, MetricStream).
- Support automation and data quality initiatives within the TPRM program.

Required Skills & Competencies:

Risk & Compliance Knowledge:
- Strong understanding of the third-party risk management lifecycle.
- Working knowledge of technology, cyber, and operational risk concepts.
- Familiarity with regulatory expectations and risk management frameworks.

Tools & Technology:
- Experience using GRC platforms or vendor risk tools.
- Strong proficiency in Excel and reporting tools.
- Ability to analyze data and produce clear, actionable insights.

Communication & Collaboration:
- Strong written and verbal communication skills.
- Ability to engage with both technical and non-technical stakeholders.
- Effective time management and prioritization skills.

Preferred Qualifications (Nice to Have):
- Total work experience of 2-5 years in a relevant field of work.
- Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, System Resiliency & Availability & Software Development practices and frameworks, Products and Operations, Access and Identity Management, Application Security, Assurance Programs, or a related field.
- Professional certifications (one or more of these): CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor; vendor risk or operational risk certifications.
- Experience in product management, IT service/software, BFSI, fintech, cloud service environments, or regulated industries.
- Exposure to global regulatory environments (FedRAMP, GDPR, FFIEC, EBA, OCC, etc.).