Senior Analyst - Governance, Risk & Compliance

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, we transform ideas into impact by bringing together data, science, technology and human ingenuity to deliver better outcomes for all. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client-first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning, bold ideas, courage and passion to drive life-changing impact to ZS.
The Senior Governance & Risk Administrator will serve as a key member of our IT Governance, Risk, and Compliance team, responsible for proactively identifying and mitigating risks, ensuring compliance with regulations, and enhancing our control framework. The role involves working closely with various stakeholders, analyzing security findings, and providing input into the development and maintenance of security risk scorecards. The candidate will also assist in the management of GRC tools and contribute to various risk governance-related initiatives and special projects.
What you'll do:

• Conduct Risk Assessments: Collaborate with the ZS stakeholders from IT, HR, Finance, Legal, etc. teams to perform risk assessments and identify potential threats and vulnerabilities in our IT infrastructure and third-party relationships.
• Third Party Risk Management (TPRM): Develop, implement, and maintain effective TPRM processes, including third-party risk assessment, due diligence, and ongoing monitoring.
• Remediation Oversight: Assist in the management of remediation activities, including the development and monitoring of remediation plans for identified risks and vulnerabilities.
• Documentation and Reporting: Prepare comprehensive findings reports for various stakeholders, summarizing assessment results, remediation progress, and recommended actions, both internally and within the TPRM framework.
• Audit Support: Provide support during internal and external audits, assisting in audit planning, execution, communication, and reporting phases, with a specific focus on TPRM.
• Security Monitoring: Analyze findings from security monitoring systems, reviewing vulnerabilities for active and acceptable remediation plans, including third-party risks.
• Risk Mitigation: Collaborate with cross-functional teams to identify and proactively address potential gaps in security, especially in the context of third-party risks.
• GRC Tools: Assist in the management and maintenance of GRC tools, including configuration and reporting, with a focus on TPRM capabilities.
• Policy and Framework Compliance: Ensure that operational controls, including those related to third parties, are aligned with relevant control frameworks, standards, and regulatory requirements.
• Training and Awareness: Contribute to the development of information security training material and assist in conducting training sessions for relevant stakeholders, emphasizing TPRM best practices.
• Special Projects: Collaborate on various technology risk governance initiatives and other special projects as assigned, with a strong emphasis on TPRM improvements.
• Mentorship: Lead and mentor a team of Governance & Risk Analysts/Administrators to ensure efficient execution of risk assessment processes, risk treatment activities, and third-party risk management.

What you'll bring:

• Bachelor's degree in IT or relevant field with a strong academic record.
• A minimum of 4 years of experience in IT Risk Management and Third-Party Risk Management roles.
• Knowledge and experience in conducting risk assessments, managing remediation activities, and enhancing TPRM practices.
• Familiarity with Industry standards and frameworks like ISO 27001, ISO 27701, ISO 27017, ISO 27018, NIST CSF, etc.
• Strong communication skills, both written and verbal, for reporting and interacting with stakeholders.
• Knowledge of control frameworks, information security policies, regulatory compliance, and TPRM best practices.
• Ability to work independently and as part of a team.
• Willingness to adapt to evolving industry standards and technologies.
• Certifications such as CISA, CISSP, or other relevant GRC and TPRM certifications are a plus.
• Proficiency in MS Office, including Word, Excel, and PowerPoint.
• Experience with GRC tools (e.g., RSA Archer) and software for reporting and compliance management, with a focus on TPRM capabilities.
• Basic understanding of web-based applications, operating systems, databases, and TPRM tools.
• Knowledge of laws and regulations impacting data security, privacy, and third-party risk management is a plus.

How you'll grow:

• Cross-functional skills development & custom learning pathways
• Milestone training programs aligned to career progression opportunities
• Internal mobility paths that empower growth via s-curves, individual contribution and role expansions

Perks & Benefits:
At ZS, your growth matters. We offer a comprehensive total rewards package that supports your health and well-being, financial future, time away, and professional development. With robust skills-building programs, multiple career progression paths, internal mobility, and a deeply collaborative culture, you'll have the opportunity to do meaningful work, expand your capabilities, and thrive as part of a global community. For details on total rewards in India , visit ZS India office locations | Where we work | ZS .
Hybrid working model:
We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.
Travel:
Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.
Considering applying?
At ZS, we honor the visible and invisible elements of our identities, personal experiences, and belief systems-the ones that comprise us as individuals, shape who we are, and make us unique. We believe your personal interests, identities, and desire to learn are integral to your success here. We are committed to building a team that reflects a broad variety of backgrounds, perspectives, and experiences. Learn more about our inclusion and belonging efforts and the networks ZS supports to assist our ZSers in cultivating community spaces and obtaining the resources they need to thrive.
If you're eager to grow, contribute, and bring your unique self to our work, we encourage you to apply.
ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.
To complete your application:
Candidates must possess or be able to obtain work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.
NO AGENCY CALLS, PLEASE.
Find Out More At:
www.zs.com