Los Angeles, California - Hybrid - 3 Days Onsite
Full Time

The Analyst will be a key player in overseeing third-party vendor risk, ensuring regulatory compliance, and supporting enterprise GRC initiatives. The ideal candidate brings hands-on experience with GRC processes, strong familiarity with risk frameworks, and an aptitude for cross-functional collaboration.

Key Responsibilities:
- Manage the full Third Party Risk Management (TPRM) lifecycle from vendor onboarding to offboarding
- Perform initial and ongoing risk assessments of third-party vendors, focusing on data privacy and cybersecurity
- Request, analyze, and track vendor due diligence documentation (e.g., SOC reports, SIG questionnaires, security policies)
- Evaluate third-party security controls in line with the firm's risk management framework
- Collaborate with Procurement and Legal teams to support contract and compliance reviews
- Coordinate with vendors and internal stakeholders on remediation plans and tracking risk mitigation
- Assist with client compliance requests, including questionnaires and assessments
- Maintain and report on key risk metrics, supporting periodic reviews and audits
- Contribute to the automation and optimization of GRC workflows and tools
- Stay updated on industry regulations (e.g., GDPR, CCPA) and best practices (e.g., NIST, ISO)
- Provide training and guidance to business units on GRC processes and vendor compliance expectations
- Participate in GRC program improvement initiatives and ad hoc security projects

Required Skills & Qualifications:
- Minimum 3 years of experience in Third Party Risk Management, GRC, or a related security/governance field
- Proven track record in highly regulated environments such as finance, legal, or consulting (Big 4 experience is a plus)
- Strong understanding of GRC domains: compliance, enterprise risk, vendor resilience
- Familiarity with security and privacy frameworks such as NIST CSF, ISO 27001, GDPR, CCPA
- Highly organized with strong attention to detail and the ability to manage multiple priorities independently
- Excellent written and verbal communication skills with experience engaging cross-functional stakeholders
- Proficient in tools like Excel, Confluence, and common risk assessment platforms

Preferred Certifications (Nice to Have):
- CTPRP, CRISC, CISA, CISM, or similar industry certifications