Governance & Risk Analyst
ZS · Chicago, IL · 3 mo ago
HybridFinanceFull-time
Key Responsibilities
- Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final reporting.
- Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess information security, privacy, and compliance risks.
- Identify inherent and residual risks across domains such as information security, data privacy, access controls, business continuity & disaster recovery, and regulatory & compliance requirements.
- Clearly document assessment findings, risk ratings, and remediation recommendations in risk management tools and trackers.
- Coordinate with vendors to obtain clarifications, remediation plans, and follow-up evidence for identified gaps.
Stakeholder Collaboration & Governance
- Partner with internal teams including Procurement, Legal, Information Security, Privacy, and Business Owners to support third-party onboarding and risk decisions.
- Escalate high-risk findings and delays to GRC leadership with clear summaries and recommended actions.
- Support second-level reviews and management reporting for VRAs and TPRM activities.
Risk Reporting & Continuous Improvement
- Maintain accurate risk registers, assessment trackers, and dashboards for VRA/TPRM.
- Contribute to improving TPRM frameworks, workflows, and reporting to enhance stakeholder value.
- Aid in developing and updating SOPs, templates, and guidance documents related to vendor risk management.
Audit & Compliance Support
- Support internal and external audits by providing VRA documentation, evidence, and risk summaries.
- Assist with broader GRC initiatives such as policy reviews, opportunity security risk assessments, and compliance assessments as needed.