Job Description
ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, we transform ideas into impact by bringing together data, science, technology and human ingenuity to deliver better outcomes for all. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client-first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning, bold ideas, courage and passion to drive life-changing impact to ZS. What you'll do: Governance & Risk Analyst in the Enterprise will… The GRC Analyst will support the organization’s Governance, Risk & Compliance function with a primary focus on Third‑Party Risk Management (TPRM) and Vendor Risk Assessments (VRA). This role is responsible for conducting end‑to‑end risk assessments of third‑party vendors, identifying security, privacy, and compliance risks, and working with internal stakeholders and vendors to ensure timely risk remediation and closure. The role requires strong analytical skills, stakeholder engagement, and familiarity with information security, privacy, and regulatory frameworks. Key Responsibilities Third‑Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) Conduct end‑to‑end Vendor Risk Assessments (VRA) including initiation, analysis, follow‑ups, and final reporting Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess information security, privacy, and compliance risks Identify inherent and residual risks across domains such as not limited only to below: Information Security
Data Privacy
Access Controls
Business Continuity & Disaster Recovery
Regulatory & Compliance requirements
Clearly document assessment findings, risk ratings, and remediation recommendations in risk management tools and trackers
Coordinate with vendors to obtain clarifications, remediation plans, and follow‑up evidence for identified gaps Stakeholder Collaboration & Governance Partner with internal teams including Procurement, Legal, Information Security, Privacy, and Business Owners to support third‑party onboarding and risk decisions Escalate high‑risk findings and delays to GRC leadership with clear summaries and recommended actions
Support second‑level reviews and management reporting for VRAs and TPRM activities Risk Reporting & Continuous Improvement Maintain accurate risk registers, assessment trackers, and dashboards for VRA/TPRM Contribute to improving TPRM frameworks, workflows, and reporting to enhance stakeholder value
Assist in developing and updating SOPs, templates, and guidance documents related to vendor risk management Audit & Compliance Support Support internal and external audits by providing VRA documentation, evidence, and risk summaries
Assist with broader GRC initiatives such as policy reviews, opportunity security risk assessments, and compliance assessments as needed What you’ll bring: Bachelor’s degree in computer science, Information Systems, or a related field. A relevant master's degree is a plus.
Proven experience of at least 2 years or more in IT risk management, governance, or a related field.
Strong understanding of IT risk assessment methodologies, frameworks, and industry best practices.
Assess vendor security posture against frameworks such as ISO 27001 / 27002, NIST, and SOC 2.
Familiarity with regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) and their impact on IT risk management.
Knowledge of vendor risk management principles and practices.
Experience in performing process, Contract review and project security risk assessments.
Proficiency in using risk assessment tools and technologies.
Excellent analytical and problem-solving skills.
Strong written and verbal communication skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences.
Strong organizational and time management skills, with the ability to manage multiple priorities and deadlines.
Relevant certification such as ISO 27001:2022 LA is preferred.
Fluency in English Client-first mentality Intense work ethic Collaborative spirit and problem-solving approach How you’ll grow: Cross-functional skills development & custom learning pathways
Milestone training programs aligned to career progression opportunities
Internal mobility paths that empower growth via s-curves, individual contribution and role expansions Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and
Apply tot his job
Apply To this Job