GRC Analyst (Third Party Risk)

As part of ongoing programmatic service offerings to a strategic client, SysLogic is seeking to add a Third-Party Risk & Governance, Risk, and Compliance (GRC) Analyst to join our growing Information Security team. This role will be pivotal in strengthening the organization’s third-party risk management program while ensuring overall compliance with regulatory and industry standards. The ideal candidate will be detail-oriented, highly organized, and a strong communicator with experience assessing vendor security risk, third-party compliance activities, and participating in the enhancement of the GRC processes.

The successful candidate will have a proven track record in conducting vendor security assessments, providing third-party analysis, and supporting compliance efforts aligned with HITRUST, SOC 2, GDPR, HIST, and ISO/IEC 27001. Experience leveraging tools such as ServiceNow for risk tracking, and documentation is highly desired.

Key Responsibilities:

Analyze Third-Party Risk Management (TPRM) Assessments:

• Execute the third-party risk assessments which may include vendor onboarding, due diligence, risk assessments, remediation, and ongoing monitoring.
• Collaborate with internal stakeholders and senior security professionals to ensure vendor contracts align with security and compliance requirements.

Conduct Vendor Security Assessments:

• Evaluate vendor controls against frameworks such as HITRUST, SOC 2, ISO 27001, and GDPR.

Perform GRC Activities:

• Support internal and external audits involving third-party risk components and regulatory frameworks.
• Maintain alignment with industry standards and evolving regulations impacting vendor risk and compliance.

Enhance GRC Technology & Reporting:

• Utilize platforms such as ServiceNow GRC to track vendor risk assessments, issues, and remediation plans.
• Partner with team to improve assessment processes and reporting.

Risk Analysis & Reporting:

• Provide regular dashboards and reports summarizing vendor risk posture, compliance gaps, and remediation progress.

Requirements

• Bachelor’s degree in Information Security, Risk Management, Computer Science, or related field.
• 3+ years of experience in third-party risk management, GRC, or cybersecurity compliance.
• Demonstrated experience conducting vendor risk assessments and managing third-party compliance programs.
• Strong understanding of security and privacy frameworks: NIST, ISO, HITRUST, SOC 2, GDPR.
• Experience with ServiceNow GRC or similar platforms for vendor risk workflows.
• Excellent written and verbal communication skills for both technical and non-technical audiences.
• Strong organizational skills with the ability to manage multiple vendor risk assessments simultaneously.

Benefits

This is a contract role within SysLogic supporting programmatic activity.

Candidates are eligible to receive the below listed benefits:

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Work From Home availability

For this remote first role candidates must reside, at the time of application, in Wisconsin, Illinois or Iowa and be able to travel to our Brookfield, Wisconsin offices for required interviews and onboarding.