Job Description

Third Party Governance, Risk and Compliance (GRC) Analyst
Los Angeles, California - Hybrid - 3 Days Onsite
Full Time
The Analyst will be a key player in overseeing third-party vendor risk, ensuring regulatory compliance, and supporting enterprise GRC initiatives. The ideal candidate brings hands-on experience with GRC processes, strong familiarity with risk frameworks, and an aptitude for cross-functional collaboration.
Key Responsibilities:

• Manage the full Third Party Risk Management (TPRM) lifecycle from vendor onboarding to offboarding
• Perform initial and ongoing risk assessments of third-party vendors, focusing on data privacy and cybersecurity
• Request, analyze, and track vendor due diligence documentation (e.g., SOC reports, SIG questionnaires, security policies)
• Evaluate third-party security controls in line with the firm's risk management framework
• Collaborate with Procurement and Legal teams to support contract and compliance reviews
• Coordinate with vendors and internal stakeholders on remediation plans and tracking risk mitigation
• Assist with client compliance requests , including questionnaires and assessments
• Maintain and report on key risk metrics , supporting periodic reviews and audits
• Contribute to the automation and optimization of GRC workflows and tools
• Stay updated on industry regulations (e.g., GDPR, CCPA) and best practices (e.g., NIST, ISO)
• Provide training and guidance to business units on GRC processes and vendor compliance expectations
• Participate in GRC program improvement initiatives and ad hoc security projects

Required Skills & Qualifications:

• Minimum 3 years of experience in Third Party Risk Management , GRC , or a related security/governance field
• Proven track record in highly regulated environments such as finance, legal, or consulting (Big 4 experience is a plus)
• Strong understanding of GRC domains: compliance, enterprise risk, vendor resilience
• Familiarity with security and privacy frameworks such as NIST CSF , ISO 27001 , GDPR , CCPA
• Highly organized with strong attention to detail and the ability to manage multiple priorities independently
• Excellent written and verbal communication skills with experience engaging cross-functional stakeholders
• Proficient in tools like Excel , Confluence , and common risk assessment platforms

Preferred Certifications (Nice to Have):

• CTPRP, CRISC, CISA, CISM, or similar industry certifications

Job Tags

Full time, Contract work,

Similar Jobs