GRC TPRM Assessment and Remediation SME
Tata Consultancy Services · Sunnyvale, CA · 1 wk ago
Education$80k–$140k/yrFull-time
Key Responsibilities
- Maintain the Supplier Inventory (GRC platform, e.g., SupplierNinja) as the single source of truth for assessment status.
- Tier/filter suppliers requiring reassessment vs. new assessment per program criteria.
- Maintain accurate Direct Responsible Individual (DRI) records in the GRC tool (e.g., OneTrust).
- Evaluate suppliers against standard frameworks (SIG, CAIQ, NIST CSF, ISO 27001, SOC 2) and validate evidence (audit reports, certifications, pen test results).
- Confirm DRI ownership and obtain kick-off acknowledgement before initiating assessments.
- Log and track assessment tasks in a workflow tool (e.g., Wrike), including acknowledgement evidence.
- Confirm onsite-assessed suppliers have current-year coverage (e.g., in AirTable).
- Participate in recurring findings-review meetings (e.g., CSFA), advising on policy and evidence standards.
- Own Corrective Action Plans (CAPs) end-to-end: define SLAs, track progress, drive closure with vendors and business owners.
- Cookordination with Legal, Procurement, and InfoSec on remediation timelines and compensating controls.
- Run a structured outreach cadence with DRIs (kick-off → 3 follow-ups → 3 escalations to management).
- Track response/non-response rates for every outreach cycle.
- Escalate unresolved/high-risk findings to client leadership and track to closure.
- Deliver a standing weekly metrics report to leadership: outreach volume, response rates, follow-up/escalation status, suppliers approved for (re)assessment, and overall assessment/remediation coverage.
Required Qualifications
- 5+ years in cybersecurity, TPRM, GRC operations, or supplier risk coordination.
- Working knowledge of NIST CSF, ISO 27001, SOC 2, SIG/CAIQ.
- Hands-on experience with GRC/TPRM tools (OneTrust, Archer, ServiceNow GRC, SupplierNinja, or similar).
- Proven ownership of high-volume, multi-step communication workflows with strict tracking/documentation.
- Excellent written communication for remote, client-facing engagement.
- Experience operating in distributed/remote teams.
Preferred Qualifications
- Certification: CTPRP, CRISC, CISA, or CISSP.
- Experience with Wrike, AirTable, Jira, or similar tracking tools.
- Prior experience in regulated industries (financial services, healthcare, insurance).
- Track record producing leadership-facing weekly reporting.