Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Job Title: GRC Analyst
Function: Governance, Risk and Compliance (GRC)
Location: Pune (Hybrid)
Experience: 2–5 years
Education
Bachelor’s degree in Information Technology, Information Security, Risk Management, Business Administration, Finance, or a related discipline
Professional certifications are a plus
Role Overview
The GRC Analyst is responsible for identifying, assessing, monitoring, and reporting risks associated with third‑party vendors, service providers, and outsourced relationships. The role ensures third‑party engagements align with the organization’s risk tolerance, regulatory requirements, and internal control standards.
This position plays a critical role in operational resilience, cybersecurity risk management, regulatory compliance, and governance .
Key Responsibilities
Risk Identification:
Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects. Have good understanding and working of IT infrastructure systems and devices from a security perspective like server, virtualization, cloud, applications, databases, network switches, router, firewalls, load balancers, etc. Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape. Risk Assessment:
Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors. Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing. Have good understanding of systems and solutions like active directory (AD), email, DNS, DLP, antivirus, EDR, SIEM, etc. The ability to articulate the business risks associated with technical vulnerabilities and risks. Third‑Party Risk Assessment & Monitoring
Perform end‑to‑end third‑party risk assessments during onboarding, periodic reviews, and event‑driven triggers Assess vendor risks across multiple domains, including:Information SecurityData PrivacyBusiness Continuity & Disaster RecoveryOperational RiskRegulatory and Compliance Risk Evaluate vendor responses, supporting evidence, and attestations for adequacy and accuracy Issue Management & Remediation
Identify control gaps, weaknesses, and risk issues arising from third‑party assessments Work with vendors and internal stakeholders to define remediation plans Track remediation actions and validate closure evidence Risk Reporting & Metrics
Maintain third‑party risk registers, risk ratings, and issue logs Prepare risk reports, dashboards, and key risk indicators (KRIs) for management Support risk committees, governance forums, and senior leadership reporting Stakeholder & Vendor Engagement
Partner with procurement, legal, compliance, information security, privacy, and business teams Act as a point of contact for third‑party risk‑related queries Support contract reviews by providing risk inputs related to vendor engagements Regulatory, Audit & Governance Support
Support internal audits, regulatory examinations, and client due diligence requests related to third‑party risk Ensure alignment with applicable regulations and frameworks (e.g., FedRAMP, RBI, GDPR, ISO, SOC) Assist in maintaining third‑party risk policies, standards, and procedures Process Improvement & Tooling
Contribute to improvements in TPRM processes, assessment methodologies, and workflows Assist in enhancements or implementations of GRC platforms (e.g., Archer, ServiceNow, MetricStream) Support automation and data quality initiatives within the TPRM program Required Skills & Competencies
Risk & Compliance Knowledge
Strong understanding of third‑party risk management lifecycle Working knowledge of technology, cyber, and operational risk concepts Familiarity with regulatory expectations and risk management frameworks Tools & Technology
Experience using GRC platforms or vendor risk tools Strong proficiency in Excel and reporting tools Ability to analyze data and produce clear, actionable insights Communication & Collaboration
Strong written and verbal communication skills Ability to engage with both technical and non‑technical stakeholders Effective time management and prioritization skills Preferred Qualifications (Nice to Have)
Total work experience of 3-5 years in relevant field of work. Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, System Resiliency & Availability & Software development practices and frameworks, Products and operations, Access and identity management, application security, assurance programs, or a related field. Professional certifications such as (one or more of these):CISA, CISM, CISSP, ISO 27001 Lead Implementer/AuditorVendor Risk or Operational Risk certifications Experience in Product management, IT service/ software, BFSI, fintech, cloud service environments, or regulated industries Exposure to global regulatory environments (FedRamp, GDPR, FFIEC, EBA, OCC, etc.)