Third Party Governance, Risk and Compliance

Our client, an Am 100 law firm, is seeking a Third Party Governance, Risk, and Compliance (GRC) Analyst to join its Information Security team. This position plays a key role in executing the Third Party GRC function, with a focus on Third Party Risk Management (TPRM), Client Compliance, and IT Risk Management. The Analyst will facilitate activities across the GRC lifecycle, including due diligence, ongoing assessments, and monitoring of third-party vendors to ensure compliance with internal standards and regulatory requirements. Key Responsibilities: • Support the full lifecycle of Third Party Risk Management from onboarding to offboarding • Conduct initial and ongoing risk assessments of third-party vendors to identify potential privacy and security risks • Request, track, and analyze vendor due diligence documentation (e.g., SIG questionnaires, SOC reports, security policies) • Coordinate with internal stakeholders and vendors to identify, document, and monitor risk remediation...