ZS Associates

Governance & Risk Analyst

ZS Associates$70K — $95K *
Finance & Insurance
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in computer science, Information Systems, or a related field; a master's degree is a plus.
  • At least 2 years of experience in IT risk management, governance, or a related field.
  • Strong knowledge of IT risk assessment methodologies and frameworks.
  • Familiarity with vendor security frameworks (e.g., ISO 27001, NIST, SOC 2).
  • Understanding of regulatory requirements such as GDPR, HIPAA, and PCI DSS.
  • Proficiency in risk assessment tools and methodologies.
  • Strong analytical, problem-solving, communication, and organizational skills.

Responsibilities

  • Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, and reporting.
  • Review vendor security documentation to assess compliance and risk factors.
  • Identify and document security, privacy, and compliance risks associated with vendors.
  • Coordinate with vendors for risk clarifications and remediation plans.
  • Collaborate with internal teams to support vendor onboarding and decision-making.
  • Maintain risk registers and assessment dashboards for TPRM activities.
  • Support internal audits by providing relevant documentation and evidence.

Benefits

  • Comprehensive total rewards package for health, well-being, and financial future.
  • Flexible and connected hybrid working model combining remote and on-site work.
  • Robust skills-building programs and career progression opportunities.
  • Internal mobility paths for growth and expansion of responsibilities.
  • Collaborative culture that fosters meaningful work and professional development.
Full Job Description
What you'll do: Governance & Risk Analyst in the Enterprise will...

The GRC Analyst will support the organization's Governance, Risk & Compliance function with a primary focus on Third-Party Risk Management (TPRM) and Vendor Risk Assessments (VRA). This role is responsible for conducting end-to-end risk assessments of third-party vendors, identifying security, privacy, and compliance risks, and working with internal stakeholders and vendors to ensure timely risk remediation and closure.

The role requires strong analytical skills, stakeholder engagement, and familiarity with information security, privacy, and regulatory frameworks.

Key Responsibilities

Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA)
  • Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final reporting
  • Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess information security, privacy, and compliance risks
  • Identify inherent and residual risks across domains such as not limited only to below:
    • Information Security
    • Data Privacy
    • Access Controls
    • Business Continuity & Disaster Recovery
    • Regulatory & Compliance requirements
  • Clearly document assessment findings, risk ratings, and remediation recommendations in risk management tools and trackers
  • Coordinate with vendors to obtain clarifications, remediation plans, and follow-up evidence for identified gaps

Stakeholder Collaboration & Governance
  • Partner with internal teams including Procurement, Legal, Information Security, Privacy, and Business Owners to support third-party onboarding and risk decisions
  • Escalate high-risk findings and delays to GRC leadership with clear summaries and recommended actions
  • Support second-level reviews and management reporting for VRAs and TPRM activities

Risk Reporting & Continuous Improvement
  • Maintain accurate risk registers, assessment trackers, and dashboards for VRA/TPRM
  • Contribute to improving TPRM frameworks, workflows, and reporting to enhance stakeholder value
  • Assist in developing and updating SOPs, templates, and guidance documents related to vendor risk management

Audit & Compliance Support
  • Support internal and external audits by providing VRA documentation, evidence, and risk summaries
  • Assist with broader GRC initiatives such as policy reviews, opportunity security risk assessments, and compliance assessments as needed

What you'll bring:
  • Bachelor's degree in computer science, Information Systems, or a related field. A relevant master's degree is a plus.
  • Proven experience of at least 2 years or more in IT risk management, governance, or a related field.
  • Strong understanding of IT risk assessment methodologies, frameworks, and industry best practices.
  • Assess vendor security posture against frameworks such as ISO 27001 / 27002, NIST, and SOC 2.
  • Familiarity with regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) and their impact on IT risk management.
  • Knowledge of vendor risk management principles and practices.
  • Experience in performing process, Contract review and project security risk assessments.
  • Proficiency in using risk assessment tools and technologies.
  • Excellent analytical and problem-solving skills.
  • Strong written and verbal communication skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences.
  • Strong organizational and time management skills, with the ability to manage multiple priorities and deadlines.
  • Relevant certification such as ISO 27001:2022 LA is preferred.
  • Fluency in English
  • Client-first mentality
  • Intense work ethic
  • Collaborative spirit and problem-solving approach


How you'll grow:
  • Cross-functional skills development & custom learning pathways
  • Milestone training programs aligned to career progression opportunities
  • Internal mobility paths that empower growth via s-curves, individual contribution and role expansions


Perks & Benefits:

At ZS, your growth matters. We offer a comprehensive total rewards package that supports your health and well-being, financial future, time away, and professional development. With robust skills-building programs, multiple career progression paths, internal mobility, and a deeply collaborative culture, you'll have the opportunity to do meaningful work, expand your capabilities, and thrive as part of a global community. For details on total rewards in United States, visit ZS US office locations | Where we work | ZS.

Hybrid working model:

We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel:

Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

About ZS Associates

ZS is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. From R&D to portfolio strategy, customer insights, marketing and sales strategy, operations and technology, we leverage our deep industry expertise and leading-edge analytics to create solutions that work in the real world. Our most valuable asset is our people?a fact that?s reflected in our values-driven organization in which new perspectives are integral and new ideas are celebrated. ZSers are passionately committed to helping companies and their customers thrive in industries ranging from healthcare and life sciences, to high-tech, financial services, travel and transportation, and beyond.
Learn more about ZS Associates
Size
10,000 employees
Industry
Founded
1983

Similar Jobs

More Jobs at ZS Associates

More Finance & Insurance Jobs

Find similar Governance & Risk Analyst jobs: