Senior Governance & Risk Analyst

ZS is a place where passion changes lives. As a management consulting and technology firm focused on transforming global healthcare and beyond, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping solutions from start to finish. At ZS, we believe that making an impact demands a different approach; and that's why here your ideas elevate actions, and here you'll have the freedom to define your own path and pursue cutting-edge work. We partner collaboratively with our clients to develop products that create value and deliver company results across critical areas of their business including portfolio strategy, customer insights, research and development, operational and technology transformation, marketing strategy and many more. If you dare to think differently, join us, and find a path where your passion can change lives.

1. Conduct Risk Assessments: Collaborate with the ZS stakeholders from IT, HR, Finance, Legal, etc. teams to perform risk assessments and identify potential threats and vulnerabilities in our IT infrastructure and third-party relationships.
2. Third Party Risk Management (TPRM): Develop, implement, and maintain effective TPRM processes, including third-party risk assessment, due diligence, and ongoing monitoring.
3. Remediation Oversight: Assist in the management of remediation activities, including the development and monitoring of remediation plans for identified risks and vulnerabilities.
4. Documentation and Reporting: Prepare comprehensive findings reports for various stakeholders, summarizing assessment results, remediation progress, and recommended actions, both internally and within the TPRM framework.
5. Audit Support: Provide support during internal and external audits, assisting in audit planning, execution, communication, and reporting phases, with a specific focus on TPRM.
6. Security Monitoring: Analyze findings from security monitoring systems, reviewing vulnerabilities for active and acceptable remediation plans, including third-party risks.
7. Risk Mitigation: Collaborate with cross-functional teams to identify and proactively address potential gaps in security, especially in the context of third-party risks.
8. GRC Tools: Assist in the management and maintenance of GRC tools, including configuration and reporting, with a focus on TPRM capabilities.
9. Policy and Framework Compliance: Ensure that operational controls, including those related to third parties, are aligned with relevant control frameworks, standards, and regulatory requirements.
10. Training and Awareness: Contribute to the development of information security training material and assist in conducting training sessions for relevant stakeholders, emphasizing TPRM best practices.
11. Special Projects: Collaborate on various technology risk governance initiatives and other special projects as assigned, with a strong emphasis on TPRM improvements.
12. Mentorship: Lead and mentor a team of Governance & Risk Analysts/Administrators to ensure efficient execution of risk assessment processes, risk treatment activities, and third-party risk management.

1. Bachelor's degree in IT or relevant field with a strong academic record.
2. A minimum of 4 years of experience in IT Risk Management and Third-Party Risk Management roles.
3. Knowledge and experience in conducting risk assessments, managing remediation activities, and enhancing TPRM practices.
4. Familiarity with Industry standards and frameworks like ISO 27001, ISO 27701, ISO 27017, ISO 27018, NIST CSF, etc.
5. Strong communication skills, both written and verbal, for reporting and interacting with stakeholders.
6. Knowledge of control frameworks, information security policies, regulatory compliance, and TPRM best practices.
7. Ability to work independently and as part of a team.
8. Willingness to adapt to evolving industry standards and technologies.
9. Certifications such as CISA, CISSP, or other relevant GRC and TPRM certifications are a plus.

1. Proficiency in MS Office, including Word, Excel, and PowerPoint.
2. Experience with GRC tools (e.g., RSA Archer) and software for reporting and compliance management, with a focus on TPRM capabilities.
3. Basic understanding of web-based applications, operating systems, databases, and TPRM tools.
4. Knowledge of laws and regulations impacting data security, privacy, and third-party risk management is a plus.