GRC Analyst

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Title: GRC Analyst Function: Governance, Risk and Compliance (GRC) Location: Pune (Hybrid) Experience: 2–5 years Education Bachelor’s degree in Information Technology, Information Security, Risk Management, Business Administration, Finance, or a related discipline Professional certifications are a plus Role Overview The GRC Analyst is responsible for identifying, assessing, monitoring, and reporting risks associated with third‑party vendors, service providers, and outsourced relationships. The role ensures third‑party engagements align with the organization’s risk tolerance, regulatory requirements, and internal control standards. This position plays a critical role in operational resilience, cybersecurity risk management, regulatory compliance, and governance. Key Responsibilities Risk Identification: Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects. Have good understanding and working of IT infrastructure systems and devices from a security perspective like server, virtualization, cloud, applications, databases, network switches, router, firewalls, load balancers, etc. Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape. Risk Assessment: Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors. Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing. Have good understanding of systems and solutions like active directory (AD), email, DNS, DLP, antivirus, EDR, SIEM, etc. The ability to articulate the business risks associated with technical vulnerabilities and risks. Third‑Party Risk Assessment & Monitoring Perform end‑to‑end third‑party risk assessments during onboarding, periodic reviews, and event‑driven triggers Assess vendor risks across multiple domains, including: Information Security Data Privacy Business Continuity & Disaster Recovery Operational Risk Regulatory and Compliance Risk Evaluate vendor responses, supporting evidence, and attestations for adequacy and accuracy Issue Management & Remediation Identify control gaps, weaknesses, and risk issues arising from third‑party assessments Work with vendors and internal stakeholders to define remediation plans Track remediation actions and validate closure evidence Risk Reporting & Metrics Maintain third‑party risk registers, risk ratings, and issue logs Prepare risk reports, dashboards, and key risk indicators (KRIs) for management Support risk committees, governance forums, and senior leadership reporting Stakeholder & Vendor Engagement Partner with procurement, legal, compliance, information security, privacy, and business teams Act as a point of contact for third‑party risk‑related queries Support contract reviews by providing risk inputs related to vendor engagements Regulatory, Audit & Governance Support Support internal audits, regulatory examinations, and client due diligence requests related to third‑party risk Ensure alignment with applicable regulations and frameworks (e.g., FedRAMP, RBI, GDPR, ISO, SOC) Assist in maintaining third‑party risk policies, standards, and procedures Process Improvement & Tooling Contribute to improvements in TPRM processes, assessment methodologies, and workflows Assist in enhancements or implementations of GRC platforms (e.g., Archer, ServiceNow, MetricStream) Support automation and data quality initiatives within the TPRM program Required Skills & Competencies Risk & Compliance Knowledge Strong understanding of third‑party risk management lifecycle Working knowledge of technology, cyber, and operational risk concepts Familiarity with regulatory expectations and risk management f ... (truncated, view full listing at source)