GRC Analyst Enterprise & Third Party Risk
Caris Life Sciences
GRC Analyst Enterprise & Third Party Risk
At Caris, we understand that cancer is an ugly worda word no one wants to hear, but one that connects us all. That's why we're not just transforming cancer carewe're changing lives.
We introduced precision medicine to the world and built an industry around the idea that every patient deserves answers as unique as their DNA. Backed by cutting-edge molecular science and AI, we ask ourselves every day: "What would I do if this patient were my mom?" That question drives everything we do.
But our mission doesn't stop with cancer. We're pushing the frontiers of medicine and leading a revolution in healthcaredriven by innovation, compassion, and purpose.
Join us in our mission to improve the human condition across multiple diseases. If you're passionate about meaningful work and want to be part of something bigger than yourself, Caris is where your impact begins.
Position Summary
Working as part of the Information Security Team, the GRC Analyst Enterprise & Third Party Risk will support and lead internal risk assessments, exception reviews, and third-party risk management activities. This role plays a critical part in identifying, assessing, and monitoring risks across internal systems and third-party vendors while ensuring that exceptions to policy are appropriately evaluated and documented. The ideal candidate will bring strong analytical capabilities and a proactive approach to governance, risk, and compliance.
Job Responsibilities
- Conduct internal risk assessments across business units, systems, applications and processes to identify potential security, operational, and compliance risks.
- Develop and maintain the internal risk register and facilitate periodic risk reviews with control owners and business stakeholders.
- Develop dashboards, reports, and metrics to communicate risk status, trends, and program effectiveness to leadership.
- Evaluate risk exception requests, perform risk-based analysis, and ensure appropriate documentation, approval, and tracking.
- Lead and support third-party risk management activities including vendor due diligence, risk assessments, contract reviews, and ongoing monitoring.
- Partner with procurement, legal, and business stakeholders to embed security and risk requirements into vendor lifecycle processes.
- Assist in defining and maintaining IT and organizational policies, standards, and procedures related to security, risk, and compliance.
- Support internal and external audits (e.g., HIPAA, SOX, GDPR) by collecting evidence and addressing audit findings and recommendations.
- Collaborate with IT and business teams to assess the adequacy and effectiveness of internal controls and drive remediation efforts.
- Conduct periodic gap assessments and ensure controls are maintained to support ongoing compliance.
- Stay abreast of changes in regulatory requirements and industry best practices related to risk management, third-party governance, and cybersecurity.
- Assist with the creation and delivery of security awareness training related to risk, vendor management, and compliance requirements.
- Participate in the development and maintenance of business continuity, disaster recovery, and incident response processes from a risk perspective.
Required Qualifications
- Bachelor's degree in Information Security, Risk Management, or a related field; or equivalent work experience.
- Minimum of 4 years of experience in Information Security Risk Management, Third-Party Risk, or GRC functions.
- Strong understanding of internal control assessments, exception management, and third-party/vendor risk practices.
- Familiarity with legal and regulatory compliance standards such as HIPAA, SOX, GDPR, etc.
- Knowledge of security and risk frameworks such as NIST Cybersecurity Framework, ISO 27001, and CIS Controls.
- Excellent communication skills with the ability to collaborate effectively across technical and non-technical teams.
- Ability to translate technical risks into business impacts for non-technical audiences.
- Strong analytical and problem?solving abilities with experience interpreting risk data to drive decision-making.
- Demonstrated ability to manage multiple assessments or projects simultaneously in a fast?paced environment.
- Experience writing policies, standards, procedures, or risk documentation..
- Working knowledge of data protection concepts such as data classification, encryption, access management, and secure data handling.
- Proficiency in Microsoft Excel, PowerPoint, and other data/reporting tools commonly used to support risk analysis and presentations.
- Ability to work independently with minimal supervision while maintaining a high attention to detail.
Preferred Qualifications
- Industry certifications such as CISA, CRISC, CISSP are highly desirable.
- Experience using GRC or IRM platforms (e.g., Compyl, AuditBoard, RSA Archer, LogicGate, or similar).
- Experience with SOC 2, PCI-DSS, HITRUST, or other security compliance frameworks.
- Experience in healthcare or life sciences industry is a plus.
- Background supporting cloud security or assessing cloud service providers (AWS, Azure, GCP).
- Experience conducting business impact analyses (BIA) or participating in business continuity/disaster recovery planning.
- Prior involvement in incident response processes or evaluating post-incident risk implications.
- Strong understanding of contract language related to security, privacy, liability, and service-level obligations.
- Familiarity with quantitative risk analysis methodologies (e.g., FAIR).
- Experience working in organizations undergoing rapid growth, security transformation, or compliance maturity improvements.
Physical Demands
- Must possess the ability to sit and/or stand for long periods of time.
- May be required to lift routine office supplies and use standard office equipment.
Other
- This position may require periodic travel and availability during evenings, weekends, or holidays depending on business needs.
Conditions of Employment: Individual must successfully complete pre-employment process, which includes criminal background check, drug screening, credit check (applicable for certain positions) and reference verification.
This job description reflects management's assignment of essential functions. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.
Caris Life Sciences is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability.
Caris Life Sciences- A leading global financial services firm is seeking an associate level professional for its Third Party Risk Management team in Dallas, Texas. The candidate will focus on assessing and managing critical vendors' operational resilience. Responsibilities include leading...Risk
- Summary Pinnacle Group is seeking a Risk Specialist to support third-party IT risk management and technology vendor assessment activities. This role will focus on evaluating technology vendors from an IT risk perspective, supporting audit readiness, and ensuring alignment...Risk
- ...Job Description Job Description Third Party Cyber Risk Analyst (10844) A growing organization is seeking a Third-Party Cyber Risk Analyst... ...standards such as NIST, ISO, and CIS. ~ Familiarity with enterprise AI technologies, AI governance concepts, and AI-related risks...RiskInterim role
- ...Manager Enterprise Risk The Manager Enterprise Risk manages and coordinates Michaels' claim-related activities (e.g., General Liability... ...the Manager Enterprise Risk manages our relationships with third-party providers. Major Activities Work closely with Third...RiskWork at officeLocal area
- ...Risk Management Specialist The Risk Management Specialist reports to the Enterprise Risk Claims Manager: Enterprise Risk Management Department (ERM) handling all facets... ...The team member will work closely with the third-party administrator, defense counsel, business...RiskFull timePart timeWork at officeLocal area
- ...often (in days) to receive an alert: Manager, Global 2nd Line Third Party Risk Management Global Banking and Markets Global Banking and... ...and contributes to an inclusive work environment. Supports enterprise‑wide TPRM program execution for the assigned business lines,...RiskContract workFlexible hours
- ...GRC Analyst Momentum is a respected collection of independent companies... ...are hiring a Security GRC & Risk Analyst to own the... ...Governance Operationalize the enterprise-wide information security... ...and leadership. Own the third-party risk management program. Define...RiskFull timeLive outWork at office
- ...Job Description Job Description The Third Party Risk Management (TPRM) team's mission is to support the firm's 'One Goldman Sachs' forward strategy by proactively identifying, managing, monitoring and reporting key third party risks in order to enable and challenge...Risk
$130k - $160k
...Danaher Corporation is seeking a Senior Cybersecurity Risk Analyst to manage third-party risk activities across vendors in a remote role. The ideal... ...lifecycles, reviewing vendor contracts, and contributing to enterprise risk operations. Danaher offers a competitive salary...RiskRemote work- ...corporate Information Security GRC team. A specific focus... ...a comprehensive enterprise security program, including governance, risk, and compliance (GRC).... ...Trust & Safety, as well as third party contractors, and... ...In The Life Of a Risk Analyst: Working with a...RiskFor contractorsFlexible hours
$134.4k - $170k
...Information Security Manager to guide security integrity across their third-party ecosystem. This crucial role involves advising stakeholders,... ...measures, and ensuring business continuity through effective risk management. The ideal candidate should have over 7 years of...Risk$170k - $200k
...Claims function, the Head of Third-Party Claims provides strategic leadership... ...Anticipate emerging risks, litigation trends, regulatory... ...Claim Operations and Claims Analysts to identify emerging risks and... ...support future growth You support enterprise value and cross-functional...RiskFull timeSummer workWork at officeLocal area- ...Third Party Risk Management (TPRM) Product Manager Third Party Risk Management (TPRM)'s mission is to reduce extended enterprise risk at Vanguard. We protect Vanguard through our stewardship of the third-party risk lifecycle and enable strategic, risk informed decisions...Risk
- Enterprise Risk and Operational Resilience Analyst page is loaded## Enterprise Risk and Operational Resilience Analystlocations: Dallas, TXtime type: Full... ...product/change governance, model risk management, third-party risk management, operational / IT risk, and AI governance...Risk
$170k - $200k
...Head Of Third-Party Claims As a senior member of the IAS Claims function... ...Anticipate emerging risks, litigation trends, regulatory... ...Claim Operations and Claims Analysts to identify emerging risks and... ...future growth You support enterprise value and cross-functional alignment...RiskWork at office$150k - $200k
...No ERM function existed before you. You get to define what enterprise risk management looks like here. There is no safety net. What you... ...escalation. Inside ERM, you also own Model Risk Management and Third‑Party Risk Management. On MRM, you stand up the governance that...RiskWork at officeRelocationVisa sponsorshipRelocation packageShift work- ...Manager, Information Security GRC owns the strategy, execution,... ...Security Governance, Risk, and Compliance program. This... ...team capability and directing third‑party partners – and is accountable... ...security awareness across the enterprise. The Senior Manager sets the...RiskContract workWork experience placementImmediate start
- A prominent financial institution in Dallas seeks an Associate for its Enterprise Risk Management team. This role involves supporting the governance of the risk management framework, conducting reviews, and managing regulatory compliance. Candidates should have a Bachelor...Risk
- Goldman Sachs is seeking an Associate for its Enterprise Risk Management team in Dallas, Texas. This role involves supporting governance of the Enterprise Risk Management Framework and performing risk reviews to ensure compliance with regulatory requirements. The ideal...Risk
- ENTERPRISE RISK MANAGEMENT - Risk Architecture -Associate The Enterprise Risk Management team is responsible for ensuring that the firm’s risks are managed systemically, such that the firm has a regular, comprehensive view of its risk profile as well as of key trends and...Risk
$200k - $300k
..., the Senior Director, Procurement Governance, Risk & Compliance leads the enterprise procurement governance and third‑party risk capabilities that protect Equinix from regulatory... ...supplier governance Experience working with GRC/TPRM tooling (e.g., risk assessment workflows,...RiskContract workWork at office- ...platform for context-driven AI governance, AI risk assessment and compliance (to regulations... ...AI, you will guide customers in the enterprise-wide adoption of the Credo AI Governance... ...00 customers. Experience implementing GRC software. Familiarity with AI governance...RiskWork at officeRemote work
$1,000 per month
...Senior Technology Risk Analyst The Senior Technology Risk Analyst... ...expected to manage and mature the enterprise risk register and drive high... ...risk register within the GRC platform. Identify... ...Maintain strong oversight of third-party, vendor, and business-partner...RiskCasual workWork at officeWeekend workAfternoon shift- ...Business Risk and Control Officer Tampa, FL or Jacksonville, FL or Irving TX (Hybrid... ...concentration risks in accordance with enterprise Policies and the establishment of Key... ...of these risks within the Business (e.g. third party, fraud, sanctions etc) (if applicable)....RiskContract workWork experience placement
$22 per hour
...COMPANY OVERVIEW Asset Living is a third-party management firm and a proven partner in fostering thriving communities nationwide. Founded... ...personnel, leasing, maintenance, financial, administration & risk management in the absence of the Community Manager. As an...RiskHourly payPermanent employmentFull timeFor contractorsNight shiftWeekend work- A mid-sized financial services firm is seeking a Chief Risk Officer based in Dallas, Texas, to lead and shape the enterprise risk management framework. This senior role requires substantial leadership experience in risk, compliance, or governance within wealth management...Risk
$114.1k - $268.18k
...inspiration and expand your capabilities, then consider a career in Advisory. KPMG is currently seeking a Lead Specialist, Third Party Risk Management to join our Managed Services practice. Responsibilities: Interact with onshore engagements and clients directly...RiskFull timeLocal areaRemote work- Job Description The Third-Party Specialist will be responsible for managing and assessing risks associated with third‑party relationships. This includes vendors, contractors, and other external entities. Job Responsibilities Evaluate and assess the risks associated with...RiskContract workFor contractors
- ...for running complex business performance, risk and operational analytics. May include... ...expectations. Applies predictive models, third party data, and other tools to develop and... ...ensure they adhere to and support PNC's Enterprise Risk Management Framework. Competencies...RiskFull timeTemporary workPart timeWork experience placementLocal area
- ...Firewall, Governance, Risk, Architecture and Offensive... ...The Cybersecurity Risk Analyst is responsible for... ...business partners across the enterprise to ensure company... ...standards and controls Perform third party risk assessments... ...building knowledge of GRC tooling, processes, and...RiskWork experience placementWork at officeVisa sponsorship
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to GRC Analyst Enterprise & Third Party Risk. Be the first to apply!


