GRC Analyst

2 weeks ago


Des Moines, United States Groupe S&H Full time

SHAZAM is looking for a GRC Analyst who will be responsible for the third-party risk management (TPRM) program, including the assessment of both third-party/vendor risk and risks associated with new technologies and processes. You will be responsible for maturing a third-party risk management framework and risk assessment program across a complex, cross-functional team of stakeholders. You will develop and carry out program strategy and objectives and manage the full TPRM lifecycle, including program metrics.

What you’ll do:

As a GRC Analyst, you will play a critical role in ensuring the security and compliance of our organization's relationships with third parties.

You will be responsible for further development, implementation, and maintenance of a comprehensive third-party risk management program, ensuring that potential risks associated with vendors are identified, assessed, and mitigated effectively.

Ensure the program is aligned with industry best practices and regulatory requirements through periodic gap analysis.

Collaborate with and lead a cross-departmental team of risk identification and controls experts to ensure SHAZAM’s risk appetite and tolerance are adhered to.

Identify and assess potential risks associated with third-party vendors and suppliers, including but not limited to cybersecurity, data privacy, regulatory compliance, financial stability, and operational resilience.

Collaborate with internal stakeholders, including Legal, IT, Compliance, and other business units, to establish and enforce standardized third-party risk management policies, procedures, and contractual requirements.

Develop and maintain a centralized repository of vendor-related information, including contracts, risk assessments, audit reports, and remediation plans.

Develop and maintain program reporting and metrics.

Conduct thorough due diligence and risk assessments of prospective and existing third-party vendors, considering their risk profile, performance, and ability to meet contractual obligations.

Monitor and evaluate the ongoing performance and compliance of third-party vendors through periodic risk assessments, audits, and performance metrics.

Implement and maintain an effective third-party risk reporting framework, providing regular updates to management, highlighting key risk areas and recommending appropriate mitigation strategies.

Provide guidance, training, and support to internal teams on third-party risk management practices, policies, and procedures.

What we’re looking for:

5+ years of proven experience in third-party risk management, preferably in a regulated industry.

Bachelor's degree in business administration, finance, information technology, or a related field, or equivalent work experience.

In-depth knowledge of third-party risk management principles, methodologies, and frameworks, with a strong understanding of industry standards and best practices.

Strong analytical and problem-solving skills, with the ability to assess complex risk scenarios, develop mitigation strategies, and make informed decisions.

Excellent communication and interpersonal skills, with the ability to influence and collaborate effectively with stakeholders at all levels of the organization.

Detail-oriented mindset, with the ability to manage multiple priorities and projects simultaneously, while maintaining a high level of accuracy and attention to detail.

Proficiency in using third-party risk management tools and platforms, as well as experience in leveraging data analytics for risk assessment and reporting.

Strong project management skills, with the ability to lead and execute initiatives independently and within established timelines.

A commitment to continuous learning and professional development in the field of third-party risk management.

Third-party risk management certifications are a strong plus.

Annual salary starting at $64,000 to $89,000*

*Actual compensation will be based upon factors such as geographic location, experience, education, and/or skill level and will be finalized at the time of offer.
