×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

GRC Analyst – Enterprise & Third Party Risk

Job in Irving, Dallas County, Texas, 75084, USA
Listing for: Caris Life Sciences
Full Time position
Listed on 2026-04-17
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly USD 60000.00 80000.00 YEAR
Job Description & How to Apply Below

Working as part of the Information Security Team, the GRC Analyst – Enterprise & Third Party Risk will support and lead internal risk assessments, exception reviews, and third‑party risk management activities. This role plays a critical part in identifying, assessing, and monitoring risks across internal systems and third‑party vendors while ensuring that exceptions to policy are appropriately evaluated and documented. The ideal candidate will bring strong analytical capabilities and a proactive approach to governance, risk, and compliance.

Job Responsibilities
  • Conduct internal risk assessments across business units, systems, applications, and processes to identify potential security, operational, and compliance risks.
  • Develop and maintain the internal risk register and facilitate periodic risk reviews with control owners and business stakeholders.
  • Develop dashboards, reports, and metrics to communicate risk status, trends, and program effectiveness to leadership.
  • Evaluate risk exception requests, perform risk‑based analysis, and ensure appropriate documentation, approval, and tracking.
  • Lead and support third‑party risk management activities including vendor due diligence, risk assessments, contract reviews, and ongoing monitoring.
  • Partner with procurement, legal, and business stakeholders to embed security and risk requirements into vendor lifecycle processes.
  • Assist in defining and maintaining IT and organizational policies, standards, and procedures related to security, risk, and compliance.
  • Support internal and external audits (e.g., HIPAA, SOX, GDPR) by collecting evidence and addressing audit findings and recommendations.
  • Collaborate with IT and business teams to assess the adequacy and effectiveness of internal controls and drive remediation efforts.
  • Conduct periodic gap assessments and ensure controls are maintained to support ongoing compliance.
  • Stay abreast of changes in regulatory requirements and industry best practices related to risk management, third‑party governance, and cybersecurity.
  • Assist with the creation and delivery of security awareness training related to risk, vendor management, and compliance requirements.
  • Participate in the development and maintenance of business continuity, disaster recovery, and incident response processes from a risk perspective.
Required Qualifications
  • Bachelor’s degree in Information Security, Risk Management, or a related field; or equivalent work experience.
  • Minimum of 4 years of experience in Information Security Risk Management, Third‑Party Risk, or GRC functions.
  • Strong understanding of internal control assessments, exception management, and third‑party/vendor risk practices.
  • Familiarity with legal and regulatory compliance standards such as HIPAA, SOX, GDPR, etc.
  • Knowledge of security and risk frameworks such as NIST Cybersecurity Framework, ISO 27001, and CIS Controls.
  • Excellent communication skills with the ability to collaborate effectively across technical and non‑technical teams.
  • Ability to translate technical risks into business impacts for non‑technical audiences.
  • Strong analytical and problem‑solving abilities with experience interpreting risk data to drive decision‑making.
  • Demonstrated ability to manage multiple assessments or projects simultaneously in a fast‑paced environment.
  • Experience writing policies, standards, procedures, or risk documentation.
  • Working knowledge of data protection concepts such as data classification, encryption, access management, and secure data handling.
  • Proficiency in Microsoft Excel, PowerPoint, and other data/reporting tools commonly used to support risk analysis and presentations.
  • Ability to work independently with minimal supervision while maintaining a high attention to detail.
Preferred Qualifications
  • Industry certifications such as CISA, CRISC, CISSP are highly desirable.
  • Experience using GRC or IRM platforms (e.g., Compyl, Audit Board, RSA Archer, Logic Gate, or similar).
  • Experience with SOC 2, PCI‑DSS, HITRUST, or other security compliance frameworks.
  • Experience in healthcare or life sciences industry is a plus.
  • Background supporting cloud security or assessing cloud service providers (AWS, Azure, GCP).
  • Experience…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search