Juniper Square is looking for a GRC Analyst to support and mature our governance, risk, and compliance program, with a key focus on our third-party risk management framework. You will build scalable, right-sized risk processes aligned with laws and customer commitments, collaborating closely with a broad set of cross-functional stakeholders. At Juniper Square, we are unlocking the full potential of private markets through technology and a values-driven approach.
What You'll Do
- Manage the vendor and contractor risk assessment process during onboarding, adhering to a defined Service Level Agreement (SLA).
- Conduct annual vendor monitoring and re-assessment processes for existing vendors.
- Maintain the vendor inventory and collaborate with vendors on an ongoing basis to reduce identified risks.
- Triage incoming technical security requests for vendor application/system integrations and route to appropriate teams for input.
- Help mature the classification and management framework for critical vendors.
- Benchmark, identify, drive, and manage improvements to the vendor security risk management program.
- Develop, maintain, and analyze reporting and metrics to provide leadership with clear visibility into the vendor and third-party risk posture.
- Work with cross-functional teams to procure controls evidence for external auditors and issue reports in a timely manner.
- Monitor and test effectiveness of compliance control health throughout the year, not just during audits.
- Maintain our trust center by keeping security documents and knowledge base up-to-date.
- Support sales teams with open security and privacy questions.
- Support customer security and privacy audits.
- Update policies and procedures annually while incorporating stakeholder feedback and obtain approval.
- Define and manage incoming policy exceptions on an ongoing basis to manage associated risk.
- Develop and implement role and team specific security and privacy training working closely with key business partners.
- Manage the roll-out, escalation and completion of all security and privacy training modules.
- Collect and report on key GRC performance metrics.
- Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risks areas.
What We're Looking For
- Bachelor's degree in information systems, engineering, business, risk management, or a related field.
- 5+ years of security/GRC experience, including substantial experience with vendor security risk management and performing vendor security reviews/audits.
- Proven experience in managing and improving vendor security risk programs, including familiarity with vendor security questionnaires for third-party assessments.
- Direct experience, knowledge and understanding of major security frameworks, regulations, and standards such as SOC 2 and ISO 27001.
- Experience working effectively with diverse teams to influence security and compliance outcomes across the organization (e.g., Procurement, IT, Security, Engineering, Legal).
- Experience developing and maintaining scalable GRC processes.
- Ability to partner with stakeholders collaboratively to implement a scalable approach to TPRM.
- Excellent communication and interpersonal skills.
Nice to Have
- Prior experience with major GRC software solutions.
Work Mode
This is a hybrid role. Juniper Square operates with digital-first, distributed teams. This position is open to candidates located in 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, and England.
Juniper Square is an equal opportunity employer.
