Job Description:

• Support Third‑Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) initiatives
• Administer and leverage GRC platforms such as RSA Archer, Onspring, BitSight, UpGuard, SecurityScorecard, ServiceNow, or similar tools
• Lead and perform end‑to‑end third‑party/vendor risk assessments across technology, SaaS, supply chain, and hybrid environments
• Identify control gaps and provide clear, actionable risk‑mitigation recommendations
• Conduct deep technical reviews of solution architectures, application architectures, security controls, and cloud deployments
• Translate technical findings into clear remediation guidance for stakeholders
• Perform hands‑on SOC 2 analysis, assessing design and operating effectiveness of controls
• Clearly communicate SOC 2 findings, control gaps, and risk exposure to technical and non‑technical audiences
• Ensure alignment with enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001
• Collaborate with Legal, Procurement, IT, Privacy, Audit, and Security Operations teams to drive timely assessments and remediation tracking
• Develop and present meaningful risk metrics, dashboards, and program insights for leadership reporting
• Contribute to updates and enhancements of information security policies, standards, and exception processes
• Communicate complex security and risk concepts clearly to diverse stakeholders
• Build trusted cross‑functional relationships supporting business units
• Work independently in a fast‑paced environment and manage multiple simultaneous assessments
• Maintain high‑quality documentation, strong organization, and professional integrity
• Strong, concise communicator with excellent written and verbal skills