Caris Life Sciences · 10 hours ago
GRC Analyst – Enterprise & Third Party Risk
Caris Life Sciences is transforming cancer care through precision medicine and innovative healthcare solutions. The GRC Analyst – Enterprise & Third Party Risk will support internal risk assessments and manage third-party risk activities, ensuring effective governance and compliance across the organization.
Artificial Intelligence (AI) · Biopharma · Biotechnology · Health Care · Life Science
Responsibilities
Conduct internal risk assessments across business units, systems, applications and processes to identify potential security, operational, and compliance risks
Develop and maintain the internal risk register and facilitate periodic risk reviews with control owners and business stakeholders
Evaluate risk exception requests, perform risk-based analysis, and ensure appropriate documentation, approval, and tracking
Lead and support third-party risk management activities including vendor due diligence, risk assessments, contract reviews, and ongoing monitoring
Partner with procurement, legal, and business stakeholders to embed security and risk requirements into vendor lifecycle processes
Assist in defining and maintaining IT and organizational policies, standards, and procedures related to security, risk, and compliance
Support internal and external audits (e.g., HIPAA, SOX, GDPR) by collecting evidence and addressing audit findings and recommendations
Collaborate with IT and business teams to assess the adequacy and effectiveness of internal controls and drive remediation efforts
Conduct periodic gap assessments and ensure controls are maintained to support ongoing compliance
Stay abreast of changes in regulatory requirements and industry best practices related to risk management, third-party governance, and cybersecurity
Qualifications
Required
Bachelor's degree in Information Security, Risk Management, or a related field; or equivalent work experience
Minimum of 4 years of experience in Information Security Risk Management, Third-Party Risk, or GRC functions
Strong understanding of internal control assessments, exception management, and third-party/vendor risk practices
Familiarity with legal and regulatory compliance standards such as HIPAA, SOX, GDPR, etc.
Knowledge of security and risk frameworks such as NIST Cybersecurity Framework, ISO 27001, and CIS Controls
Excellent communication skills with the ability to collaborate effectively across technical and non-technical teams
Preferred
Industry certifications such as CISA, CRISC, CISSP are highly desirable
Experience using GRC or IRM platforms (e.g., Compyl, AuditBoard, RSA Archer, LogicGate, or similar)
Experience in healthcare or life sciences industry is a plus
Company
Caris Life Sciences
Caris Life Sciences develops molecular profiling and AI-driven technologies to support precision medicine in oncology.
Funding
Current Stage: Public Company
Total Funding: $1.86B
Key Investors: Braidwell, OrbiMed, Sixth Street
2025-06-18: IPO
2025-04-07: Private Equity · $168M
2023-01-19: Debt Financing · $400M
Company data provided by crunchbase