The Senior GRC VRM Platform Specialist will support the efforts of the organization by leading the integration, oversight, and execution of systems and processes supporting the firm's 3rd party risk management efforts. The role holder will utilize various GRC tools to enhance the effectiveness, efficiency, and speed of the risk assessment process in furtherance of the established ISMS and risk management framework.


  • Support the 3rd party risk assessment program via the use of  the established ISMS, risk management framework and VRM platforms. 
  • Champion the integration of the VRM and GRC platforms in a manner that provides integrated executive risk reporting and vendor risk tracking
  • Utilize the VRM platforms in a manner that maximizes the effectiveness and reliability of the risk assessment process. 
  • Leverage the process and capability improvements achieved in the above efforts to support other aspects of the risk management program, such as greater automation and orchestration
  • Monitor and report on compliance with the Firm’s information security policies and procedures
  • Maintain records of audit findings and ensure that corrective actions are implemented per the agreed remediation schedule
  • Provide status reports to the IT GRC Manager
  • Maintain the Firm's security-related information and metrics repositories

Skills and Experience

  • Possess a Computer Science Bachelor’s Degree or substantial equivalent experience 
  • Demonstrable experience with vendor-facing information security assessments using VRM platforms and reporting results
  • Background in managing VRM platform information and integrating key risk metrics with GRC platforms
  • CISSP, CRISC, CISA, CIA preferred
  • RSA Archer Certified Professional preferred
  • Thorough understanding of security concepts and best practices 
  • Authoritative understanding of principles, theories, techniques, and methods of information system analysis and risk assessment
  • Authoritative understanding of audit principles applied to common information security domains such as security policy, organizational structure, asset management, human resources, physical security, operations, communications, access control, development, and acquisition, incident management, business continuity, and compliance 
  • Working knowledge of common information systems such as Active Directory, networking, endpoint management, and SQL
  • Proficient in the use of Microsoft Excel and Word
  • Sufficient business acumen to understand the business drivers associated with risk management concepts, particularly those affecting client audits, RFPs, and contractual terms
  • Strong communication skills - demonstrated ability to communicate professionally in business language, in both oral and written formats (English).
  • Gather and analyze facts, draw conclusions, define problems, and suggest solutions
  • Work independently and within a team
  • Remain productive and maintain focus without direct supervision
  • Effectively manage multiple tasks concurrently
  • Internalize and act upon constructive feedback
  • Adopt new skills and improve existing skills in a dynamic environment