What are the responsibilities and job description for the GRC Consultant Third party risk management position at Jobs via Dice?
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Ztek Consulting, is seeking the following. Apply via Dice today!
Job Role: GRC Consultant Third party risk management
Location: Hunt Valley, MD
Job Description:
Must Have Technical/Functional Skills
- Individual who can independently assess vendor risk, evaluate control effectiveness, and align security practices with enterprise policies and cybersecurity best practices.
- Aware of enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001.
- Experience with GRC and risk intelligence platforms such as RSA Archer, Onspring, BitSight, UpGuard, Security Scorecard, ServiceNow, or similar tools to manage risk lifecycle activities.
- Operate independently in a fast-paced environment, managing multiple concurrent assessments while maintaining high-quality documentation and professional integrity.
- Must be a strong, clear, and concise communicator who is self-starting and can remain organized when faced with multiple assignments that require granular-level tracking.
- Lead and execute end-to-end third-party/vendor risk assessments across technology, supply chain, SaaS, and hybrid environments, identifying control gaps and recommending risk mitigation strategies.
- Perform deep technical reviews of solution and application architectures, security controls, and cloud solutions from a security engineering perspective, translating findings into actionable remediation guidance.
- Conduct hands-on SOC 2 analysis, evaluate control design and operating effectiveness, and clearly articulate control gaps and risk impacts to stakeholders.
- Ensure alignment of third-party assessments and internal practices with enterprise security policies, data protection standards, and frameworks such as SOC 2 and ISO 27001.
- Leverage and administer GRC and risk intelligence platforms such as RSA Archer, Onspring, BitSight, UpGuard, Security Scorecard, ServiceNow, or similar tools to manage risk lifecycle activities.
- Coordinate with business partners such as Legal, Procurement, IT, Privacy, Audit, and Security Operations to drive timely assessment completion and remediation tracking.
- Develop and report meaningful risk metrics and program insights to leadership, demonstrating effectiveness and continuous improvement of the TPRM program.
- Contribute to the development, enhancement, and rationalization of information security policies, standards, and exception processes based on risk findings and industry best practices.
- Communicate complex technical and risk concepts clearly to both technical and non-technical stakeholders; build trusted relationships across business units.
- Good communication and reporting skills.
- Ability to communicate complex technical and risk concepts clearly to both technical and non-technical stakeholders; build trusted relationships across business units.
Bachelor's Degree in Computer Science