recruit22

via Indeed


Governance, Risk & Compliance Analyst (Third-Party Risk Analyst)

Anywhere
full-time
Posted 10/15/2025
Key Skills:
Governance, Risk & Compliance (GRC)
Third-party risk management
Audit support (SOC 2, HIPAA, HITRUST)
Security policy development
GRC platform management
Incident response
Business continuity/disaster recovery planning
Cybersecurity frameworks (HIPAA, PCI DSS, NIST 800)

Compensation

Salary Range

$70K - 110K a year

Responsibilities

Support enterprise risk strategy, coordinate third-party vendor risk assessments, assist audits, develop security policies, maintain GRC platforms, and lead risk management initiatives.

Requirements

University degree in IT/security, 2+ years in IT security or risk management, familiarity with GRC platforms and cybersecurity frameworks, strong communication and project management skills.

Full Description

Contract

No 3rd party vendor and no sponsorship offered at this time.

The Governance, Risk & Compliance (GRC) Analyst plays a key role in supporting the organization’s risk management strategy, with a focus on third-party risk. This role involves coordinating vendor assessments, supporting audit activities, and maintaining compliance with industry standards and regulatory frameworks. The analyst will also contribute to the development and maintenance of GRC platforms and security policies.

Key Responsibilities

• Support enterprise risk strategy by identifying, reporting, and managing remediation activities for key risks.
• Coordinate third-party vendor risk assessments, conduct gap analyses, and maintain associated controls and metrics.
• Assist with internal and external audit processes, including SOC 2, HIPAA, and HITRUST.
• Develop and implement security policies, procedures, and reporting mechanisms.
• Design, deploy, and maintain the GRC platform to support risk and compliance initiatives.
• Lead third-party risk management efforts and contribute to incident response and business continuity/disaster recovery (BC/DR) planning.
• Respond to security-related inquiries, draft technical reports, and stay informed on evolving security regulations and best practices.

Required Qualifications

• University degree in Information Security, Computer Science, Information Technology, or equivalent experience.
• 2 or more years of experience in Information Security, IT Security, or IT Risk Management.
• Familiarity with GRC platforms and cybersecurity frameworks such as HIPAA, PCI DSS, and NIST 800.
• Strong communication, organizational, and project management skills.
• Ability to manage multiple tasks independently in a fast-paced environment.

Preferred Qualifications

• Bachelor’s degree in a relevant field.
• 3 or more years of experience in risk management or cybersecurity.
• Experience working in healthcare environments and with frameworks such as ISO/IEC 27001/27002.
• Relevant certifications such as CISM, CISA, CRISC, or CGEIT.

This job posting was last updated on 10/17/2025
