Job Title: Third Party GRC Analyst
Primary Location: Los Angeles, CA (Remote)
Position Type: Direct Hire

OVERVIEW:
TalentFish is partnered with our client to find a Third Party Governance, Risk, and Compliance (GRC) Analyst! This position is a key role within the Information Security team and supports the execution of Third Party Risk Management (TPRM), Client Compliance, and IT Risk Management programs. The ideal candidate will have strong experience across the GRC lifecycle and a passion for identifying and mitigating third-party risks in a highly regulated environment.

WHAT YOU'LL DO:
The Third Party GRC Analyst will be responsible for:

• Supporting all phases of the TPRM lifecycle, from onboarding to offboarding vendors.

• Conducting third-party risk assessments to identify and mitigate privacy and security risks.

• Requesting, reviewing, and tracking due diligence documentation using MS Excel and/or Confluence.

• Reviewing vendor risk documentation (e.g., SIG questionnaires, SOC2 Type II, SSAE18 reports, policies, etc.).

• Applying knowledge of NIST CSF and regulatory frameworks (GDPR, etc.) in risk assessments.

• Collaborating with internal stakeholders to track and report on vendor issues and remediation.

• Coordinating InfoSec evaluations of vendor security controls.

• Assisting with key risk reporting and metrics development.

• Partnering with Procurement/Contracts teams to support vendor agreement reviews.

• Supporting Client Compliance efforts, including assessment responses and coordination with clients.

• Contributing to continuous improvement initiatives within the GRC program (including automation).

• Staying current on developments in TPRM and GRC practices.

• Participating in various ad hoc GRC and risk-related projects.

WHAT YOU'LL NEED:

Proficiencies:

• Strong understanding of TPRM and the outsourcing lifecycle.

• Working knowledge of GRC best practices, frameworks, and principles.

• Familiarity with security and privacy regulations such as NIST, ISO, GDPR, CCPA.

• Highly organized with attention to detail and the ability to work independently.

• Strong written and verbal communication skills.

• Ability to collaborate with internal and external stakeholders across functions.

Qualifications:

• 3+ years of experience in Third Party Risk Management, GRC, InfoSec, or related roles.

• Experience in regulated industries (financial, legal, healthcare) or with Big 4 consulting firms.

• Demonstrated ability to manage vendor cybersecurity evaluations.

• Professionalism, accountability, and a commitment to excellence in risk and compliance.

Compensation Information
The expected salary range for this position is $90,000-$120,000 per year, depending on experience and qualifications. This role also offers comprehensive benefits, including health insurance, a 401(k) plan, and paid time off. TalentFish is committed to pay transparency and equal opportunity. The salary range provided complies with applicable state and federal regulations.

This role requires authorization to work in the U.S. without current or future visa sponsorship.

All offers are contingent upon the completion of a background check, which may include but is not limited to reference checks, education verification, employment verification, drug testing, criminal records checks, and any required certifications or compliance requirements based on the end client's background check policies and applicable laws.

TalentFish is an employee-owned company pioneering a new realm in talent acquisition. We are redefining IT staffing by evolving AI, video screening, and our unique platform. TalentFish focuses on delivering the best possible experience for employees, consultants, and clients.
At TalentFish, we are an Equal Opportunity Employer; we embrace and encourage diversity!