Jobs · Finance · Illinois

Governance & Risk Analyst

ZS · Chicago, IL · 3 mo ago
HybridFinanceFull-time

Key Responsibilities

  • Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final reporting.
  • Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess information security, privacy, and compliance risks.
  • Identify inherent and residual risks across domains such as information security, data privacy, access controls, business continuity & disaster recovery, and regulatory & compliance requirements.
  • Clearly document assessment findings, risk ratings, and remediation recommendations in risk management tools and trackers.
  • Coordinate with vendors to obtain clarifications, remediation plans, and follow-up evidence for identified gaps.

Stakeholder Collaboration & Governance

  • Partner with internal teams including Procurement, Legal, Information Security, Privacy, and Business Owners to support third-party onboarding and risk decisions.
  • Escalate high-risk findings and delays to GRC leadership with clear summaries and recommended actions.
  • Support second-level reviews and management reporting for VRAs and TPRM activities.

Risk Reporting & Continuous Improvement

  • Maintain accurate risk registers, assessment trackers, and dashboards for VRA/TPRM.
  • Contribute to improving TPRM frameworks, workflows, and reporting to enhance stakeholder value.
  • Aid in developing and updating SOPs, templates, and guidance documents related to vendor risk management.

Audit & Compliance Support

  • Support internal and external audits by providing VRA documentation, evidence, and risk summaries.
  • Assist with broader GRC initiatives such as policy reviews, opportunity security risk assessments, and compliance assessments as needed.

Similar jobs