IT GRC Specialist - Third Party Risk (GCP experience required)

*Candidates must be local to the Washington D.C. metro area. 
About Infinitive:

Infinitive is a data and AI consultancy that enables its clients to modernize, monetize and operationalize their data to create lasting and substantial value. . We possess deep industry and technology expertise to drive and sustain adoption of new capabilities. We match our people and personalities to our clients' culture while bringing the right mix of talent and skills to enable high return on investment.

Infinitive has been named “Best Small Firms to Work For” by Consulting Magazine 6 times most recently in 2023. Infinitive has also been named a Washington Post “Top Workplace”, Washington Business Journal “Best Places to Work”, and Virginia Business “Best Places to Work.”
 

Role Overview:
We are seeking a highly skilled and experienced Third Party Risk Consultant with expertise in Governance, Risk, and Compliance (GRC), Business Continuity, Resiliency, and specific experience with Google Cloud Platform (GCP), to join our dynamic team. In this role, you will play a pivotal part in assessing, managing, and mitigating risks associated with our clients third-party relationships, ensuring business continuity, enhancing organizational resilience and recovery capabilities, and overseeing GCP-related risks and compliance.

Responsibilities:

1. Risk Assessment and Analysis:

   • Conduct comprehensive risk assessments for third-party vendors, evaluating their security protocols, data handling practices, and overall risk exposure, with a specific focus on GCP-related risks.
   • Collaborate with the GRC team to integrate third-party risk data into the overall risk management framework.

2. Policy and Compliance Oversight:

   • Develop and maintain policies and procedures related to third-party risk management, ensuring alignment with GRC policies, regulatory requirements, and GCP-specific security and compliance standards.
   • Monitor and enforce compliance with established policies, contributing to the organization's overall compliance objectives in the context of GCP usage.

3. Vendor Due Diligence:

   • Lead the due diligence process for potential third-party vendors, assessing their financial stability, security measures, and overall suitability for partnership, with a focus on GCP-related capabilities and practices.
   • Collaborate with the GRC team to align vendor due diligence efforts with enterprise risk management strategies, particularly in the context of GCP usage.

4. Business Continuity Planning:

   • Develop and implement business continuity plans specific to third-party risks, ensuring the organization's ability to maintain essential functions in the event of disruptions, including those related to GCP services.
   • Coordinate with relevant stakeholders to ensure alignment between third-party risk management, business continuity efforts, and GCP-related resilience strategies.

5. Resiliency and Recovery:

   • Enhance organizational resilience by identifying potential vulnerabilities and implementing proactive measures to withstand and recover from disruptions, including those affecting GCP services.
   • Develop and implement recovery plans, ensuring a swift and effective response to incidents impacting GCP-related operations.

6. Incident Response and Crisis Management:

   • Develop and implement incident response plans specific to third-party risks, collaborating with cross-functional GRC and IT teams to address and resolve any security incidents promptly, with a focus on GCP-related incidents.
   • Contribute to the overall crisis management framework, ensuring alignment with GRC principles, business continuity, resiliency, and GCP-specific response strategies.

Qualifications:

• Bachelor's degree in Business, Risk Management, Information Security, or a related field. Master's degree or relevant certifications (e.g., CRISC, CTPRP, CBCP, CISSP) are a plus.
• Proven experience in third-party risk management with expertise in Governance, Risk, and Compliance, Business Continuity, Resiliency, and specific experience with Google Cloud Platform (GCP).
• Deep knowledge of regulatory requirements and standards related to third-party risk, GRC frameworks, business continuity best practices, and GCP-specific security and compliance standards.
• Excellent communication and interpersonal skills, with the ability to effectively convey complex risk, GRC, business continuity, resiliency, and GCP-related concepts to both technical and non-technical stakeholders.
• Analytical mindset with the ability to think critically and make data-driven decisions.

Applicants for employment in the U.S. must possess work authorization which does not require sponsorship by the employer for a visa. Infinitive is an Equal Opportunity Employer.