Senior Governance & Risk Analyst

Posted 6 Days Ago
Pune, Maharashtra
Hybrid
3-5 Years Experience
Artificial Intelligence • Healthtech • Professional Services • Analytics • Consulting
Where passion changes lives
The Role
The Senior Governance & Risk Administrator will be responsible for identifying and mitigating risks, ensuring compliance with regulations, and enhancing the control framework. This role involves collaborating with stakeholders, analyzing security findings, and contributing to risk governance initiatives and projects.
Summary Generated by Built In

ZS is a place where passion changes lives. As a management consulting and technology firm focused on transforming global healthcare and beyond, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping solutions from start to finish. At ZS, we believe that making an impact demands a different approach; and that's why here your ideas elevate actions, and here you'll have the freedom to define your own path and pursue cutting-edge work. We partner collaboratively with our clients to develop products that create value and deliver company results across critical areas of their business including portfolio strategy, customer insights, research and development, operational and technology transformation, marketing strategy and many more. If you dare to think differently, join us, and find a path where your passion can change lives.
Our most valuable asset is our people.
At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems, the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.
The Senior Governance & Risk Administrator will serve as a key member of our IT Governance, Risk, and Compliance team, responsible for proactively identifying and mitigating risks, ensuring compliance with regulations, and enhancing our control framework. The role involves working closely with various stakeholders, analyzing security findings, and providing input into the development and maintenance of security risk scorecards. The candidate will also assist in the management of GRC tools and contribute to various risk governance-related initiatives and special projects.
Responsibilities:

  1. Conduct Risk Assessments: Collaborate with ZS stakeholders from the IT, HR, Finance, Legal, and other teams to perform risk assessments and identify potential threats and vulnerabilities in our IT infrastructure and third-party relationships.
  2. Third Party Risk Management (TPRM): Develop, implement, and maintain effective TPRM processes, including third-party risk assessment, due diligence, and ongoing monitoring.
  3. Remediation Oversight: Assist in the management of remediation activities, including the development and monitoring of remediation plans for identified risks and vulnerabilities.
  4. Documentation and Reporting: Prepare comprehensive findings reports for various stakeholders, summarizing assessment results, remediation progress, and recommended actions, both internally and within the TPRM framework.
  5. Audit Support: Provide support during internal and external audits, assisting in audit planning, execution, communication, and reporting phases, with a specific focus on TPRM.
  6. Security Monitoring: Analyze findings from security monitoring systems, reviewing vulnerabilities for active and acceptable remediation plans, including third-party risks.
  7. Risk Mitigation: Collaborate with cross-functional teams to identify and proactively address potential gaps in security, especially in the context of third-party risks.
  8. GRC Tools: Assist in the management and maintenance of GRC tools, including configuration and reporting, with a focus on TPRM capabilities.
  9. Policy and Framework Compliance: Ensure that operational controls, including those related to third parties, are aligned with relevant control frameworks, standards, and regulatory requirements.
  10. Training and Awareness: Contribute to the development of information security training material and assist in conducting training sessions for relevant stakeholders, emphasizing TPRM best practices.
  11. Special Projects: Collaborate on various technology risk governance initiatives and other special projects as assigned, with a strong emphasis on TPRM improvements.
  12. Mentorship: Lead and mentor a team of Governance & Risk Analysts/Administrators to ensure efficient execution of risk assessment processes, risk treatment activities, and third-party risk management.


Qualifications:

  1. Bachelor's degree in IT or relevant field with a strong academic record.
  2. A minimum of 4 years of experience in IT Risk Management and Third-Party Risk Management roles.
  3. Knowledge and experience in conducting risk assessments, managing remediation activities, and enhancing TPRM practices.
  4. Familiarity with industry standards and frameworks like ISO 27001, ISO 27701, ISO 27017, ISO 27018, NIST CSF, etc.
  5. Strong communication skills, both written and verbal, for reporting and interacting with stakeholders.
  6. Knowledge of control frameworks, information security policies, regulatory compliance, and TPRM best practices.
  7. Ability to work independently and as part of a team.
  8. Willingness to adapt to evolving industry standards and technologies.
  9. Certifications such as CISA, CISSP, or other relevant GRC and TPRM certifications are a plus.


Technical Expertise:

  1. Proficiency in MS Office, including Word, Excel, and PowerPoint.
  2. Experience with GRC tools (e.g., RSA Archer) and software for reporting and compliance management, with a focus on TPRM capabilities.
  3. Basic understanding of web-based applications, operating systems, databases, and TPRM tools.
  4. Knowledge of laws and regulations impacting data security, privacy, and third-party risk management is a plus.


Perks & Benefits:
ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options, internal mobility paths and collaborative culture empower you to thrive as an individual and global team member.
We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.
Considering applying?
At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact in global healthcare and beyond. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above.
ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.
To Complete Your Application:
Candidates must possess work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.
NO AGENCY CALLS, PLEASE.
Find Out More At:
www.zs.com

The Company
HQ: Evanston, IL
13,000 Employees
Hybrid Workplace
Year Founded: 1983

What We Do

ZS is a management consulting and technology firm focused on transforming global healthcare and beyond. We leverage our leading-edge analytics, plus the power of data, science and products, to help our clients make more intelligent decisions, deliver innovative solutions and improve outcomes for all. Founded in 1983, ZS celebrated its 40th anniversary last year with more than 13,000 employees in 35 offices worldwide.

Why Work With Us

ZS is where ambitions are welcomed. Where you have the freedom to define your own path and pursue whatever lights a fire in your soul. We’re for those whose spirit leads them to move, to act and drive real change. Work side by side with diverse yet like-minded people who share a collective vision driven to change the path of healthcare and beyond.

ZS Teams

Product & Tech
Engineering

ZS Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

The Flexible & Connected model is our ZS standard. ZSers decide where it makes the most sense for them to work each day given client or teamwork.

Typical time on-site: 3 days a week
Evanston (Global HQ)
JP
Singapore
Atlanta, GA
Barcelona, ES
Bellevue, WA
Bengaluru, Karnataka
Berlin, DE
Bethesda, MD
Boston, MA
Buenos Aires
Cambridge, GB
Chicago, IL
Raleigh-Durham
San Francisco (Foster City)
Frankfurt
Delhi (Gurugram)
Copenhagen
London, GB
Milan, MI
New York, NY
Delhi (Noida)
Paris, FR
Philadelphia, PA
Princeton
Pune (International Tech Park)
Pune (World Trade Center)
San Diego, CA
São Paulo, BR
San Francisco (South)
Thousand Oaks, CA
Tokyo, JP
Toronto, Ontario
Zürich, CH
