What you’ll do:

• As a GRC Analyst, you will play a critical role in ensuring the security and compliance of our organization's relationships with third-parties.
• You will be responsible for further development, implementation, and maintenance of a comprehensive third-party risk management program, ensuring that potential risks associated with vendors are identified, assessed, and mitigated effectively.
• Ensure the program is aligned with industry best practices and regulatory requirements through periodic gap analysis.
• Collaborate with and lead a cross-departmental team of risk identification and controls experts to ensure SHAZAM’s risk appetite and tolerance is adhered to.
• Identify and assess potential risks associated with third-party vendors and suppliers, including but not limited to cybersecurity, data privacy, regulatory compliance, financial stability, and operational resilience.
• Collaborate with internal stakeholders, including Legal, IT, Compliance, and other business units, to establish and enforce standardized third-party risk management policies, procedures, and contractual requirements.
• Develop and maintain a centralized repository of vendor-related information, including contracts, risk assessments, audit reports, and remediation plans.
• Develop and maintain program reporting and metrics.
• Conduct thorough due diligence and risk assessments of prospective and existing third-party vendors, considering their risk profile, performance, and ability to meet contractual obligations.
• Monitor and evaluate the ongoing performance and compliance of third-party vendors through periodic risk assessments, audits, and performance metrics.
• Implement and maintain an effective third-party risk reporting framework, providing regular updates to management, highlighting key risk areas and recommending appropriate mitigation strategies.
• Provide guidance, training, and support to internal teams on third-party risk management practices, policies, and procedures.

What we’re looking for:

• 5+ years proven experience in third-party risk management, preferably in a regulated industry.
• Bachelor's degree in business administration, finance, information technology, or a related field or equivalent work experience.
• In-depth knowledge of third-party risk management principles, methodologies, and frameworks, with a strong understanding of industry standards and best practices.
• Strong analytical and problem-solving skills, with the ability to assess complex risk scenarios, develop mitigation strategies, and make informed decisions.
• Excellent communication and interpersonal skills, with the ability to influence and collaborate effectively with stakeholders at all levels of the organization.
• Detail-oriented mindset, with the ability to manage multiple priorities and projects simultaneously, while maintaining a high level of accuracy and attention to detail.
• Proficiency in using third-party risk management tools and platforms, as well as experience in leveraging data analytics for risk assessment and reporting.
• Strong project management skills, with the ability to lead and execute initiatives independently and within established timelines.
• A commitment to continuous learning and professional development in the field of third-party risk management.
• Third-party risk management certifications are a strong plus.

Annual salary starting at $64,000 to $89,000*

• Actual compensation will be based upon factors such as geographic location, experience, education, and/or skill level and will be finalized at the time of offer.