Experienced GRC Analyst – Third Party Risk Management & Cybersecurity Compliance (Remote)
---
About arenaflex
Welcome to arenaflex, where innovation meets excellence in the digital landscape. We are a forward-thinking organization committed to delivering exceptional solutions while maintaining the highest standards of cybersecurity and operational excellence. As we continue to expand our global footprint, we are seeking a talented professional to join our dynamic Cybersecurity team.
At arenaflex, we believe that strong governance, risk management, and compliance are the foundation of a secure and successful organization. Our Cybersecurity team comprises dedicated professionals who formulate and implement strategies to help the organization align with its business objectives while managing threats effectively and meeting industry standards. We work on cutting-edge technology and toward new innovations in the area of cybersecurity to deliver excellence in everything we do.
We are currently looking for an experienced GRC (Governance, Risk, and Compliance) Professional to guide GRC-related activities and ensure the smooth execution of various tasks within our team. This is a fantastic opportunity for a cybersecurity specialist who is passionate about Third Party Risk Management (TPRM) and wants to make a significant impact within a growing organization.
Position Overview
We are seeking a highly motivated and experienced professional to join arenaflex as a GRC Analyst specializing in Third Party Risk Management and Cybersecurity Compliance. In this role, you will be responsible for assisting with our third-party/internal threat control software while managing internal safety compliance requirements and implementing regulations, tactics, and frameworks.
This position offers the flexibility of remote work and can accommodate both part-time and full-time schedules. You will report directly to the Manager of Governance, Threat and Compliance within our Cyber and Data Safety division.
Key Responsibilities
Third Party Risk Management (TPRM)
Manage and support the organization's Third Party/Internal Risk Management Software and processes
Assist in developing and implementing arenaflex's global third-party/internal risk methodology for conducting cyber threat-related due diligence examinations
Validate incoming third-party/internal risk assessment requests, working with business stakeholders to confirm the details of the request and the scope of the engagement
Conduct kick-off meetings with business stakeholders and any related third parties for conducting Third Party Assessments (TPA)
Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, review submitted questionnaires for completeness, and identify risks arising from the design and operational effectiveness of internal/third parties' security controls
Document responses, associated findings, and remediation plans in arenaflex systems
Draft and review reports for the assessments performed and ensure respective business stakeholders finalize reviews
Serve as a strong liaison to the business and third parties, ensuring that any queries concerning the risk management technique and evaluation are addressed as required
Carry out continuous tracking of third parties via arenaflex systems for current and new findings and bring any findings to closure
Identify opportunities for improvement within arenaflex systems and processes
Work closely with Risk Lead/Supervisor to schedule and execute a range of other activities related to the risk management program
Governance, Risk, and Compliance
Lead and support the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with the organization's risk appetite
Maintain and document compliance with information security-related guidelines and processes through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments
Lead the development and delivery of compliance and risk education and ongoing communications that help promote a culture of security and compliance
Stay abreast of regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas
Lead activities to maintain and guide ISO 27001 certification and compliance
Essential Qualifications & Experience
Education: Relevant Bachelor's/Master's degree from an accredited university or equivalent professional experience
Experience: Minimum of 4 years of experience in Third Party Risk Management, information security, and audit and compliance tracking (with at least 2-3 years in TPRM or Internal Audit)
Industry Experience: Preferred experience with a large enterprise and/or a major professional services firm
Certifications: One or more of the following credentials: CISA, CRISC, ISO27001 Lead Implementer/Auditor, or CISSP
Required Competencies & Skills
Outstanding stakeholder management skills with the ability to collaborate effectively across multiple departments
Working understanding of information security-related best practices and requirements including ISO 27001, SOC 2 Requirements, SSAE 16/18 Requirements, and other relevant frameworks
Proven experience in the management of risk, controls, and compliance
Knowledge of risk assessment methodologies – both qualitative and quantitative approaches
Strong analytical and problem-solving abilities with attention to detail
Excellent presentation preparation and delivery skills
Strong interpersonal skills with the ability to navigate fast-paced environments
Flexibility with working hours to accommodate global stakeholders
Excellent communication skills, both verbal and written
Ability to adapt quickly to changing conditions and drive quality change
Preferred Skills & Additional Qualifications
Experience with AI/ML technologies as they apply to cybersecurity and risk management
Knowledge of emerging cybersecurity trends and threat landscapes
Experience in developing and implementing risk management frameworks
Familiarity with regulatory frameworks such as GDPR, CCPA, and other privacy regulations
Experience in conducting vendor security assessments and due diligence
Career Growth & Learning Opportunities
At arenaflex, we are committed to the professional development and growth of our employees. As part of our team, you will have access to:
Comprehensive training and development programs
Opportunities to work on cutting-edge cybersecurity projects
Mentorship from experienced industry professionals
Clear career progression pathways within the cybersecurity and GRC domains
Exposure to various international standards and frameworks
Continuous learning opportunities through certifications and workshops
Work Environment & Culture
arenaflex fosters a collaborative, inclusive, and innovative work environment. We value diversity and believe that different perspectives strengthen our team. Our culture emphasizes:
Work-life balance with flexible remote work arrangements
Open communication and transparency
Innovation and continuous improvement
Teamwork and mutual support
Commitment to excellence and integrity
We understand the importance of maintaining a healthy work-life balance, which is why we offer flexible working arrangements that allow you to work from the comfort of your home while staying connected with your team.
Compensation & Benefits
We offer a competitive annual salary of $80,000 commensurate with experience and qualifications. In addition to the base salary, arenaflex provides a comprehensive benefits package that includes:
Health, dental, and vision insurance
401(k) retirement plan with company matching
Paid time off and holidays
Professional development opportunities
Remote work equipment allowance
Wellness programs and resources
How to Apply
If you are passionate about cybersecurity, risk management, and compliance, and you want to be part of a dynamic team that is shaping the future of digital security, we encourage you to apply for this position.
To be considered, please submit your resume and a cover letter highlighting your relevant experience and why you would be a great fit for arenaflex. We review applications on a rolling basis and encourage interested candidates to apply as soon as possible.
Join Our Team
At arenaflex, we are more than just a company – we are a community of dedicated professionals committed to making a difference. We invite you to bring your expertise, passion, and unique perspective to our team. This is an exciting opportunity to grow your career, make an impact, and be part of something special.
We look forward to welcoming a new team member who shares our commitment to excellence and innovation in cybersecurity governance, risk management, and compliance.
arenaflex is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.