Jobs · Education

GRC TPRM Assessment and Remediation SME

Tata Consultancy Services · Sunnyvale, CA · 1 wk ago
Education$80k–$140k/yrFull-time

Key Responsibilities

  • Maintain the Supplier Inventory (GRC platform, e.g., SupplierNinja) as the single source of truth for assessment status.
  • Tier/filter suppliers requiring reassessment vs. new assessment per program criteria.
  • Maintain accurate Direct Responsible Individual (DRI) records in the GRC tool (e.g., OneTrust).
  • Evaluate suppliers against standard frameworks (SIG, CAIQ, NIST CSF, ISO 27001, SOC 2) and validate evidence (audit reports, certifications, pen test results).
  • Confirm DRI ownership and obtain kick-off acknowledgement before initiating assessments.
  • Log and track assessment tasks in a workflow tool (e.g., Wrike), including acknowledgement evidence.
  • Confirm onsite-assessed suppliers have current-year coverage (e.g., in AirTable).
  • Participate in recurring findings-review meetings (e.g., CSFA), advising on policy and evidence standards.
  • Own Corrective Action Plans (CAPs) end-to-end: define SLAs, track progress, drive closure with vendors and business owners.
  • Cookordination with Legal, Procurement, and InfoSec on remediation timelines and compensating controls.
  • Run a structured outreach cadence with DRIs (kick-off → 3 follow-ups → 3 escalations to management).
  • Track response/non-response rates for every outreach cycle.
  • Escalate unresolved/high-risk findings to client leadership and track to closure.
  • Deliver a standing weekly metrics report to leadership: outreach volume, response rates, follow-up/escalation status, suppliers approved for (re)assessment, and overall assessment/remediation coverage.

Required Qualifications

  • 5+ years in cybersecurity, TPRM, GRC operations, or supplier risk coordination.
  • Working knowledge of NIST CSF, ISO 27001, SOC 2, SIG/CAIQ.
  • Hands-on experience with GRC/TPRM tools (OneTrust, Archer, ServiceNow GRC, SupplierNinja, or similar).
  • Proven ownership of high-volume, multi-step communication workflows with strict tracking/documentation.
  • Excellent written communication for remote, client-facing engagement.
  • Experience operating in distributed/remote teams.

Preferred Qualifications

  • Certification: CTPRP, CRISC, CISA, or CISSP.
  • Experience with Wrike, AirTable, Jira, or similar tracking tools.
  • Prior experience in regulated industries (financial services, healthcare, insurance).
  • Track record producing leadership-facing weekly reporting.

Similar jobs