GRC Analyst - 3rd Party Risk Assessment Job at LaSalle Network, Chicago, IL

  • LaSalle Network
  • Chicago, IL

Job Description

This company is a leading provider of dialysis services, specializing in the treatment of individuals with chronic kidney disease. It operates a vast network of centers across the United States, delivering in-center and at-home dialysis options. With a focus on high-quality care, the company supports patients with personalized treatment plans to improve their quality of life. It is committed to advancing kidney care through innovation and compassionate support for those in need.

The team needs support for a high volume of third-party security risk assessments. This role requires someone who can dive into the details, work directly with vendors, analyze SOC 2 reports, pen test results, and security documentation, and provide actionable risk mitigation strategies. The ideal candidate is detail-oriented, proactive, and experienced in third-party risk management, with a strong grasp of regulatory frameworks and compliance.

GRC Analyst – 3rd Party Risk Assessment Responsibilities:
  • Conduct and manage third-party security risk assessments, including reviewing security questionnaires, SOC 2 reports, and penetration test results.
  • Identify red flags in vendor security documentation and prepare reports to drive discussions on risk mitigation.
  • Work closely with vendors to gather required documentation and evaluate compliance postures.
  • Track, manage, and remediate third-party risk issues, including handling security exceptions and recommending mitigation strategies.
  • Improve existing assessment frameworks and processes, incorporating considerations for AI security risks.
  • Support GRC tooling implementations and process enhancements in the security and compliance space.

GRC Analyst – 3rd Party Risk Assessment Requirements:
  • 5–7 years of experience in GRC, third-party risk assessment, and compliance.
  • Strong familiarity with regulatory frameworks such as HIPAA, SOC 2, ISO 27001, NIST 800-53.
  • Hands-on experience with risk assessments, security questionnaires, and compliance documentation.
  • Ability to analyze security reports and present risk mitigation options to stakeholders.
  • Experience implementing GRC or IAM tools is a plus.

Thank you, 

NyKey Richter
Project Manager
LaSalle Network 

Job Tags

Remote job, Contract work, Temporary work
