27 days
<p>GRC consultant - Third party risk management</p> <p>Must Have Technical/Functional Skills</p> <ul> <li>Individual who can independently assess vendor risk, evaluate control effectiveness, and align security practices with enterprise policies and cybersecurity best practices. </li><li>Aware of enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001. </li><li>Experience with GRC and risk intelligence platforms such as RSA Archer, Onspring, BitSight, UpGuard, SecurityScorecard, ServiceNow, or similar tools to manage risk lifecycle activities. </li><li>Operate independently in a fast-paced environment, managing multiple concurrent assessments while maintaining high-quality documentation and professional integrity. </li><li>Must be a strong, clear, and concise communicator who is self-starting and can remain organized when faced with multiple assignments that require granular-level tracking. </li></ul> <p>Roles & Responsibilities</p> <ul> <li>Lead and execute end-to-end third-party/vendor risk assessments across technology, supply chain, SaaS, and hybrid environments, identifying control gaps and recommending risk mitigation strategies. </li><li>Perform deep technical reviews of solution and application architectures, security controls, and cloud solutions from a security engineering perspective, translating findings into actionable remediation guidance. </li><li>Conduct hands-on SOC 2 analysis, evaluate control design and operating effectiveness, and clearly articulate control gaps and risk impacts to stakeholders. </li><li>Ensure alignment of third-party assessments and internal practices with enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001. </li><li>Leverage and administer GRC and risk intelligence platforms such as RSA Archer, Onspring, BitSight, UpGuard, SecurityScorecard, ServiceNow, or similar tools to manage risk lifecycle activities. 
</li><li>Coordinate with business partners such as Legal, Procurement, IT, Privacy, Audit, and Security Operations to drive timely assessment completion and remediation tracking. </li><li>Develop and report meaningful risk metrics and program insights to leadership, demonstrating effectiveness and continuous improvement of the TPRM program. </li><li>Contribute to the development, enhancement, and rationalization of information security policies, standards, and exception processes based on risk findings and industry best practices. </li><li>Communicate complex technical and risk concepts clearly to both technical and non-technical stakeholders; build trusted relationships across business units. </li></ul> <p>Generic Managerial Skills</p> <ul> <li>Good communication and reporting skills. </li><li>Ability to communicate complex technical and risk concepts clearly to both technical and non-technical stakeholders; build trusted relationships across business units. </li></ul> <p>Education</p> <p>Bachelor's Degree in Computer Science</p> <p>Salary Range: $120000 - $150000 a year</p>