Location: Gurugram, India
Date Posted: Mar 7, 2025
Description
Alvarez & Marsal (A&M) is seeking a TPVRM GRC Analyst who will play a critical role in managing and enhancing our third-party risk management program. This position will align to the team responsibilities of assessing, monitoring, and mitigating risks associated with third-party vendors, ensuring compliance with regulatory requirements and internal security policies.
This role will be focused on supporting client questionnaires and audit requests, performance of third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk. The successful candidate requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm.
Key Responsibilities:
Third-Party Risk Management:
o Liaise with business and external stakeholders to perform comprehensive due diligence risk assessments of third-party vendors and identify risk, whilst maintaining monitoring activities of existing vendors.
o Contribute to process improvements and development of vendor risk assessment frameworks and questionnaires
Vendor Assessment & Monitoring:
o Perform due diligence on new and existing vendors, including reviewing SOC reports, certifications, and security controls.
o Monitor vendor performance and compliance through periodic assessments and audits.
o Maintain vendor risk register and track remediation efforts.
Client Security Questionnaires:
o Manage and complete client security questionnaires and assessments to demonstrate the organization’s security posture.
o Collaborate with internal teams (Privacy, Legal, IT) to gather accurate and comprehensive responses.
o Ensure timely delivery of client responses in line with service level agreements
o Support and contribute to continuous maintenance of question and response database (Responsive)
Governance & Compliance:
o Ensure third-party vendor activities comply with internal security policies and regulatory requirements.
o Support adherence to A&M Global Security Office policies, procedures, and standards.
o Provide guidance and support to internal stakeholders on third-party risk-related issues.
Client and Vendor Contract Reviews:
o Evaluate security terms in contracts with third parties, suppliers, and business teams to mitigate risks associated with client and vendor engagements.
o Work with legal, privacy and business teams to ensure that contractual obligations align with the organisation’s security policies and compliance requirements.
Risk Reporting & Communication:
o Communicate identified risks and remediation strategies to both technical and non-technical stakeholders.
o Participate in and execute governance activities, including metrics gathering and reporting, and the performance of recurring internal assessment activities
Qualifications:
Education & Experience:
o Bachelor’s degree in Information Security, Risk Management, Business, or related field.
o Industry-recognized certification in security, e.g., CRISC (Certified in Risk and Information Systems Control), CTPRP (Certified Third-Party Risk Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
o 3+ years of experience in GRC, third-party risk management, or information security.
o Experience in conducting vendor risk assessments and audits.
o Experience in managing and completing client security questionnaires.
Technical Skills:
o Good understanding of security frameworks such as ISO 27001, NIST, etc.
o Familiarity with third-party risk management tools and platforms (OneTrust, OnSpring, Responsive, BitSight, etc.)
o Knowledge of regulatory requirements
Soft Skills:
o Excellent analytical, problem-solving, and decision-making skills.
o Strong communication and interpersonal skills.
o Ability to work collaboratively with cross-functional teams.
o Detail-oriented with the ability to manage multiple tasks simultaneously.
A&M’s entrepreneurial culture celebrates independent thinkers and doers who can positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M’s core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are the main reasons our people love working at A&M. Inclusive Diversity means we embrace diversity, and we foster inclusiveness, encouraging everyone to bring their whole self to work each day. It runs through how we recruit, develop employees, conduct business, support clients, and partner with vendors. It is the A&M way.
It is Alvarez & Marsal’s practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, family medical history, genetic information or other protected medical condition, political affiliation, or any other characteristic protected by and in accordance with applicable laws. Employees and Applicants can find A&M policy statements and additional information by region here.
Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening and in alignment with our Inclusive Diversity values. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.