Apply on Employer Site

Capital Group · 13 hours ago

GRM Third-Party Risk Senior Analyst

Irvine, CA

Full-time

Onsite

Mid, Senior Level

$108K/yr - $173K/yr

Capital Group is a leading investment management firm, and they are seeking a GRM Third-Party Risk Senior Analyst to enhance their global third-party risk management practices. The role involves providing expertise in third-party risk management, collaborating with cross-functional teams, and ensuring compliance with regulatory requirements while supporting audit activities and developing risk management policies.

Financial Services

Comp. & Benefits

Responsibilities

You have demonstrated expertise in third-party risk management, with hands-on experience administering the full lifecycle, from initial vendor assessments through ongoing risk mitigation and issue resolution

You have experience with third-party risk management and other GRC technology tools (e.g., ProcessUnity, ServiceNow). You have created KRIs/KPIs and configured reports and dashboards

You have supported audit activities (e.g., SOC 1/SOC 2), ensured compliance with global regulatory requirements and best practices, and addressed vendor assessment challenges within a complex global supplier ecosystem

You are skilled at collaborating with subject matter experts, key stakeholders, and business partners to ensure a cohesive approach to third-party risk management, while providing broad risk management and technical expertise

You can develop strong relationships with colleagues regionally and globally, and influence others in areas of the organization where you don’t have direct authority

You have developed and updated policies and standards ensuring processes and controls are documented clearly and comprehensively to withstand scrutiny from regulators, internal audit, and external examiners

You have prepared and presented routine third-party risk reports and updates to management and appropriate leadership, while also delivering training programs to enhance third-party risk awareness across the organization

You can apply experience across other enterprise risk domains (e.g., operational risk, IT risk, regulatory risk, etc.) to strengthen the overall risk management framework and ensure holistic oversight of third-party engagements

You have leveraged AI and automation tools to enhance efficiency in third-party risk assessments, streamline due diligence workflows, and improve continuous monitoring capabilities

You have provided oversight over managed services providers, ensuring service delivery aligns with contractual obligations, risk expectations, and performance standards

You have experience in information security and IT concepts, with a strong background in conducting technical vendor risk assessments and analyzing control evidence such as SOC 2 Type II reports, penetration test results, policies, and compliance certifications

You have supported the ongoing refinement of the third-party risk management framework by applying analytical skills and curiosity to address complex, evolving business and regulatory challenges. You thrive in ambiguity

You possess strong written and verbal communication skills, organizational agility, attention to detail, and interpret meaningful information from large data sets. You also demonstrate excellent planning, project management skills, and the ability to manage competing priorities with composure

Qualification

Third-party risk managementGRC technology toolsInformation securityAudit supportAnalytical skillsOrganizational agilityCommunication skillsProject management

Required

demonstrated expertise in third-party risk management, with hands-on experience administering the full lifecycle, from initial vendor assessments through ongoing risk mitigation and issue resolution

experience with third-party risk management and other GRC technology tools (e.g., ProcessUnity, ServiceNow)

created KRIs/KPIs and configured reports and dashboards

supported audit activities (e.g., SOC 1/SOC 2)

ensured compliance with global regulatory requirements and best practices

addressed vendor assessment challenges within a complex global supplier ecosystem

skilled at collaborating with subject matter experts, key stakeholders, and business partners

developed strong relationships with colleagues regionally and globally, and influence others in areas of the organization where you don't have direct authority

developed and updated policies and standards ensuring processes and controls are documented clearly and comprehensively

prepared and presented routine third-party risk reports and updates to management and appropriate leadership

delivered training programs to enhance third-party risk awareness across the organization

applied experience across other enterprise risk domains (e.g., operational risk, IT risk, regulatory risk, etc.)

leveraged AI and automation tools to enhance efficiency in third-party risk assessments

provided oversight over managed services providers, ensuring service delivery aligns with contractual obligations, risk expectations, and performance standards

experience in information security and IT concepts

strong background in conducting technical vendor risk assessments and analyzing control evidence such as SOC 2 Type II reports, penetration test results, policies, and compliance certifications

supported the ongoing refinement of the third-party risk management framework by applying analytical skills and curiosity

strong written and verbal communication skills

organizational agility, attention to detail, and interpret meaningful information from large data sets

excellent planning, project management skills, and the ability to manage competing priorities with composure