Senior Governance & Risk Analyst
The Senior Governance & Risk Administrator will serve as a key member of our IT Governance, Risk, and Compliance team, responsible for proactively identifying and mitigating risks, ensuring compliance with regulations, and enhancing our control framework. The role involves working closely with various stakeholders, analyzing security findings, and providing input into the development and maintenance of security risk scorecards. The candidate will also assist in the management of GRC tools and contribute to various risk governance-related initiatives and special projects.
Responsibilities:
- Conduct Risk Assessments: Collaborate with ZS stakeholders from IT, HR, Finance, Legal, and other teams to perform risk assessments and identify potential threats and vulnerabilities in our IT infrastructure and third-party relationships.
- Third Party Risk Management (TPRM): Develop, implement, and maintain effective TPRM processes, including third-party risk assessment, due diligence, and ongoing monitoring.
- Remediation Oversight: Assist in the management of remediation activities, including the development and monitoring of remediation plans for identified risks and vulnerabilities.
- Documentation and Reporting: Prepare comprehensive findings reports for various stakeholders, summarizing assessment results, remediation progress, and recommended actions, both internally and within the TPRM framework.
- Audit Support: Provide support during internal and external audits, assisting in audit planning, execution, communication, and reporting phases, with a specific focus on TPRM.
- Security Monitoring: Analyze findings from security monitoring systems, reviewing vulnerabilities for active and acceptable remediation plans, including third-party risks.
- Risk Mitigation: Collaborate with cross-functional teams to identify and proactively address potential gaps in security, especially in the context of third-party risks.
- GRC Tools: Assist in the management and maintenance of GRC tools, including configuration and reporting, with a focus on TPRM capabilities.
- Policy and Framework Compliance: Ensure that operational controls, including those related to third parties, are aligned with relevant control frameworks, standards, and regulatory requirements.
- Training and Awareness: Contribute to the development of information security training material and assist in conducting training sessions for relevant stakeholders, emphasizing TPRM best practices.
- Special Projects: Collaborate on various technology risk governance initiatives and other special projects as assigned, with a strong emphasis on TPRM improvements.
- Mentorship: Lead and mentor a team of Governance & Risk Analysts/Administrators to ensure efficient execution of risk assessment processes, risk treatment activities, and third-party risk management.
Qualifications:
- Bachelor's degree in IT or relevant field with a strong academic record.
- A minimum of 4 years of experience in IT Risk Management and Third-Party Risk Management roles.
- Knowledge and experience in conducting risk assessments, managing remediation activities, and enhancing TPRM practices.
- Familiarity with industry standards and frameworks such as ISO 27001, ISO 27701, ISO 27017, ISO 27018, NIST CSF, etc.
- Strong communication skills, both written and verbal, for reporting and interacting with stakeholders.
- Knowledge of control frameworks, information security policies, regulatory compliance, and TPRM best practices.
- Ability to work independently and as part of a team.
- Willingness to adapt to evolving industry standards and technologies.
- Certifications such as CISA, CISSP, or other relevant GRC and TPRM certifications are a plus.
Technical Expertise:
- Proficiency in MS Office, including Word, Excel, and PowerPoint.
- Experience with GRC tools (e.g., RSA Archer) and software for reporting and compliance management, with a focus on TPRM capabilities.
- Basic understanding of web-based applications, operating systems, databases, and TPRM tools.
- Knowledge of laws and regulations impacting data security, privacy, and third-party risk management is a plus.