
Cybersecurity Analyst, IT GRC
Aprio, Atlanta, GA, United States
Join Aprio’s Business Operations IT team and you will help clients maximize their opportunities. Aprio is a progressive, fast‑growing firm looking for a Cybersecurity Analyst to join their dynamic team.
We are seeking a highly motivated GRC Analyst to support our Third‑Party Risk Management (TPRM) and Vendor Risk Assessment program. This role is critical to ensuring that third‑party risks are identified, assessed, monitored, and reported effectively across the organization. The ideal candidate brings hands‑on experience with third‑party assessments, strong analytical and reporting skills, and the ability to learn and adapt quickly in a dynamic environment. In addition to vendor risk responsibilities, the analyst will support other GRC activities as business needs evolve.
Position Responsibilities
Third‑Party & Vendor Risk Management
Execute end‑to‑end third‑party and vendor risk assessments, including inherent risk scoring, due diligence reviews, and residual risk evaluation
Review and analyze third‑party artifacts such as SOC reports, ISO certifications, policies, procedures, and security questionnaires
Identify control gaps, document risk issues, and track remediation activities with vendors and internal stakeholders
Support onboarding of new vendors and periodic reassessments of existing third parties
Maintain accurate third‑party risk documentation in GRC or vendor risk management tools
Reporting, Metrics & Executive Support
Develop, maintain, and enhance risk metrics, dashboards, and reporting for third‑party risk
Track key performance indicators (KPIs) and key risk indicators (KRIs) related to vendor risk, assessment cycle times, remediation status, and risk trends
Prepare materials for leadership and executive‑level reporting, translating risk data into clear, actionable insights
Support audits, regulatory exams, and internal reviews related to third‑party risk management
Broader GRC Support
Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives
Support alignment with recognized frameworks and standards (e.g., NIST CSF, ISO 27001, SOC, FFIEC, or similar)
Participate in continuous improvement of GRC processes, templates, and methodologies
Collaborate with cross‑functional teams including Security, IT, Legal, Procurement, Privacy, and Business Owners
Required Qualifications
2+ years of experience in Third‑Party Risk Management, Vendor Risk Assessments, or GRC‑related roles
Demonstrated experience conducting or supporting third‑party risk assessments
Strong understanding of information security and risk management concepts
Proven ability to produce clear reporting, metrics, and dashboards
Strong analytical, organizational, and documentation skills
Ability to learn quickly, adapt to changing priorities, and manage multiple assessments simultaneously
Effective written and verbal communication skills
Preferred Qualifications
Experience with GRC or TPRM tools (e.g., Archer, ServiceNow GRC, OneTrust, Riskonnect, or similar)
Familiarity with regulatory and industry standards impacting third‑party risk
Experience supporting audits or regulatory examinations
Relevant certifications (e.g., CISA, CRISC, CISSP, CTPRP, or similar)
$80,000 - $120,000 a year
The application window is anticipated to close on 6/5/26 and may be extended as needed.
Benefits we offer for full‑time team members
Medical, Dental, and Vision Insurance on the first day of employment
Flexible Spending Account and Dependent Care Account
401(k) with Profit Sharing
9+ holidays and discretionary time off structure
Parental Leave – coverage for both primary and secondary caregivers
Tuition Assistance Program and CPA support program with cash incentive upon completion
Discretionary incentive compensation based on firm, group and individual performance
Incentive compensation related to origination of new client sales
Top‑rated wellness program
Flexible working environment including remote and hybrid options
EQUAL OPPORTUNITY EMPLOYER
Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, pregnancy, sexual orientation, gender identity and/or expression, age, disability, genetic information, citizenship status, military service obligations or any other category protected by applicable federal, state, or local law.