ACT Consulting has an immediate need for a Third Party Governance, Risk, and Compliance (GRC) Analyst role located in Los Angeles, CA with our client.
ACT Consulting is a leader in the staffing industry providing candidates on a national basis for contract, contract to hire, and direct hire engagements while maintaining the highest regard for people, integrity, and customer satisfaction.
Our clients are mostly Fortune 1000 companies, primarily in the areas of Information Technology, Engineering, Professional, Accounting and Finance.
Please take a moment to review the job description.
If this is something you are interested in, please send a copy of your resume to (url removed) or contact me directly at (phone number removed).
Job Title: Third Party Governance, Risk, and Compliance (GRC) Analyst
Location: Los Angeles, CA
Job Type: Full-Time (Permanent)
Salary: $120,000
Position Overview: Our client, a top-ranked AM Law 100 firm, is seeking a Third Party Governance, Risk, and Compliance (GRC) Analyst to join its Information Security team.
This position plays a vital role in overseeing the Third Party GRC program, with a strong emphasis on Third Party Risk Management (TPRM), Client Compliance, and IT Risk Management.
The Analyst will manage and support the full GRC lifecycle related to third-party vendors—from onboarding due diligence to ongoing monitoring—ensuring compliance with internal policies, client obligations, and regulatory standards.
Key Responsibilities:
- Manage the full lifecycle of Third-Party Risk Management, from onboarding through offboarding.
- Conduct initial and periodic risk assessments on third-party vendors to evaluate privacy, cybersecurity, and operational risks.
- Collect, review, and analyze vendor due diligence materials, including:
  - SIG questionnaires
  - SOC 1/SOC 2 reports
  - Security and privacy policies
- Coordinate internally and externally to address, track, and remediate identified risks.
- Assess vendor cybersecurity controls and ensure alignment with the firm's risk management framework.
- Partner with Contracts and Procurement teams to review and approve third-party engagements.
- Support client compliance requests, including RFP and security questionnaire responses.
- Maintain and report on key risk indicators (KRIs) and performance metrics.
- Participate in continuous improvement initiatives, including automation of GRC workflows.
- Monitor and interpret evolving regulatory and industry standards, such as:
  - GDPR, CCPA
  - NIST Cybersecurity Framework
  - ISO 27001
- Deliver GRC awareness and training to internal teams.
- Contribute to ad hoc projects and overall GRC program maturity.
Required Qualifications:
- Minimum 3 years of professional experience in:
  - Third Party Risk Management
  - GRC (Governance, Risk, and Compliance)
  - Information Security Risk
- Prior work experience in regulated industries such as:
  - Legal, Finance, or Consulting (Big 4 preferred)
- Solid understanding of:
  - GRC principles, risk frameworks, and compliance obligations
  - Privacy and security standards (e.g., NIST, ISO, GDPR, CCPA)
- Strong documentation and analytical skills with the ability to manage complex risk scenarios.
- Excellent interpersonal and communication skills to interact with stakeholders across business units.
- Highly organized, detail-oriented, and capable of working independently in a fast-paced environment.
- Proficiency in tools such as:
  - Excel, Confluence, and vendor risk assessment platforms (e.g., Archer, OneTrust, ProcessUnity, etc.)
Candidate Requirements:
- Only candidates with stable, long-term job histories will be considered.
- Candidates must have experience in finance, legal, consulting, or similarly highly regulated industries.
- Demonstrated ability to manage risk and compliance activities with limited supervision.
- Strong preference for candidates who can hit the ground running and contribute from day one.