GRC Analyst

📋 Description

• • Juniper Square is on a mission to unlock the full potential of private markets, transforming one of the most significant yet inaccessible corners of our financial ecosystem. By digitizing private markets encompassing commercial real estate, private equity, and venture capital, we are injecting efficiency, transparency, and broader access. If you are driven by the prospect of making markets work better through technology and thrive in a values-driven organization, we invite you to join our dynamic team.
• • We champion a digital-first operational approach, enabling seamless collaboration across our geographically dispersed teams spanning 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, and England. While we offer a fully remote work experience, we also maintain physical offices in San Francisco, New York City, Mumbai, and Bangalore for those who prefer an in-office environment.
• • As a GRC Analyst, you will play a pivotal role in bolstering our organization's Governance, Risk, and Compliance (GRC) program, with a particular focus on our third-party risk management (TPRM) initiatives. This role demands a candidate with a robust understanding and proven experience in architecting and implementing scalable, appropriately sized risk processes that align with applicable laws and contractual obligations.
• • Your responsibilities will encompass the entire lifecycle of vendor and contractor risk assessment, from initial onboarding through ongoing monitoring and re-assessment. You will meticulously manage the vendor inventory, actively collaborating with vendors to proactively mitigate identified risks.
• • A key aspect of this role involves triaging incoming technical security requests related to vendor application and system integrations, ensuring they are efficiently routed to the appropriate internal teams for expert input and resolution.
• • You will be instrumental in maturing our classification and management framework for critical vendors, ensuring that high-risk relationships receive the necessary scrutiny and oversight.
• • Furthermore, you will benchmark current practices, identify opportunities for enhancement, and drive the implementation of improvements across the vendor security risk management program.
• • Developing, maintaining, and analyzing comprehensive reporting and metrics will be crucial for providing leadership with clear, actionable insights into the organization's vendor and third-party risk posture.
• • In the realm of Customer Trust and Assurance, you will collaborate with cross-functional teams to gather essential controls evidence required for external audits, ensuring timely submission and report generation. You will also proactively monitor and test the effectiveness of compliance controls throughout the year, extending beyond traditional audit periods.
• • Maintaining our trust center by ensuring security documents and knowledge base articles are current and accurate is a vital function. You will also provide crucial support to our sales teams by addressing open security and privacy inquiries, and assist customers with their security and privacy audits.
• • Within the Governance pillar, you will be responsible for the annual update of policies and procedures, incorporating stakeholder feedback and securing necessary approvals. You will also define and manage incoming policy exceptions on an ongoing basis, diligently assessing and mitigating associated risks.
• • You will contribute to enhancing our Security and Privacy Training and Awareness programs by developing and implementing role and team-specific training modules in close partnership with key business stakeholders. Managing the rollout, escalation, and completion tracking of all security and privacy training modules will be a core duty.
• • For GRC Metrics and Reporting, you will be tasked with collecting and reporting on key GRC performance indicators, providing essential data for strategic decision-making.
• • In Risk Management, you will collaborate with existing teams to maintain business unit risk registers on a monthly basis, ensuring that key risk areas are appropriately identified, assessed, and addressed.
• • This role requires a proactive, analytical, and collaborative individual who can effectively influence security and compliance outcomes across a diverse set of internal stakeholders, including Procurement, IT, Security, Engineering, and Legal teams. Your ability to build rapport and drive consensus will be key to achieving appropriate risk management outcomes.