Associate, GRC - Global Capability Center

Description

Alvarez Marsal (AM) is seeking a TPVRM GRC Analyst who will play a critical role in managing and enhancing our third-party risk management program. This position will align to the team responsibilities of assessing, monitoring, and mitigating risks associated with third-party vendors, ensuring compliance with regulatory requirements and internal security policies.
This role will be focused on supporting client questionnaires and audit requests, performance of third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk. The successful candidate requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm.

Key Responsibilities:

Third-Party Risk Management:
o Laise with business and external stakeholders to perform comprehensive due diligence risk assessments of third-party vendors and identify risk, whilst maintaining monitoring activities of existing vendors.
o Contribute to process improvements and development of vendor risk assessment frameworks and questionnaires
Vendor Assessment Monitoring:
o Perform due diligence on new and existing vendors, including reviewing SOC reports, certifications, and security controls.
o Monitor vendor performance and compliance through periodic assessments and audits.
o Maintain vendor risk register and track remediation efforts.
Client Security Questionnaires:
o Manage and complete client security questionnaires and assessments to demonstrate the organization s security posture.
o Collaborate with internal teams (Privacy, Legal, IT) to gather accurate and comprehensive responses.
o Ensure timely delivery of client responses with service level agreements
o Support and contribute to continuous maintenance of question and response database (Responsive)
Governance Compliance:
o Ensure third-party vendor activities comply with internal security policies and regulatory requirements.
o Support adherence to AM Global Security Office policies, procedures, and standards.
o Provide guidance and support to internal stakeholders on third-party risk-related issues.
Client and Vendor Contract Reviews:
o Evaluate security terms in contracts with third parties, suppliers, and business teams to mitigate risks associated with client and vendor engagements.
o Work with legal, privacy and business teams to ensure that contractual obligations align with the organisation s security policies and compliance requirements.
Risk Reporting Communication:
o Communicate identified risks and remediation strategies to both technical and non-technical stakeholders.
o Participate and execute governance activities including metrics gathering and reporting, and the performance of recurring internal assessment activities

Qualifications:

Education Experience:
o Bachelor s degree in information security, Risk Management, Business, or related field.
o Industry recognized certification in security (e.g., CRISC (Certified in Risk and Information Systems Control), CTPRP (Certified Third-Party Risk Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
o 3+ years of experience in GRC, third-party risk management, or information security.
o Experience in conducting vendor risk assessments and audits.
o Experience in managing and completing client security questionnaires.

Technical Skills:
o Good understanding of security frameworks such as ISO 27001, NIST, etc.
o Familiarity with third-party risk management tools and platforms (OneTrust, OnSpring, Responsive, BitSight etc.)
o Knowledge of regulatory requirements
Soft Skills:
o Excellent analytical, problem-solving, and decision-making skills.
o Strong communication and interpersonal skills.
o Ability to work collaboratively with cross-functional teams.
o Detail-oriented with the ability to manage multiple tasks simultaneously.