GRC / TPRM Specialist in Information Security

• 5+ years proven experience in GRC
• Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks. (ex;. OnetTrust, Sentinel, Security Scrorecard, etc)
• Good understanding of SOX IT General Controls (ITGCs) and compliance expectations related to external service providers.
• Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
• Practical experience with technology-related due diligence processes.

• Support the Technology TPRM process by performing risk assessments of third-party vendors providing technology products or services.
• Review and analyze vendor responses to cybersecurity and risk questionnaires, including relevant supporting documentation.
• Identify and report control gaps, with a particular focus on risks that could impact SOx (Sarbanes-Oxley) compliance.
• Conduct technology risk analysis, map mitigation action plans, and track the closure of identified risks.
• Assess and report on residual risk levels, ensuring clear documentation and escalation of high-risk findings.
• Assist in conducting technology due diligence for new and existing vendors.
• Collaborate with internal teams (Procurement, Legal, Privacy, Architecture) to ensure vendor engagements align with internal policies, standards, and regulatory requirements.

• Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks.
• Solid understanding of SOx IT General Controls (ITGCs) and compliance expectations related to external service providers.
• Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
• Practical experience with technology-related due diligence processes.

• Strong analytical, communication, and documentation skills.
• Ability to work independently and manage multiple priorities in a dynamic environment.

emergiTEL