Title: GRC Analyst II – Security
Location: Hybrid – Addison, TX 
Duration: Contract to Hire
Rate: $45– 50/HR
Work Requirements: US Citizen, GC Holders or Authorized to Work in the U.S.

Job Summary:
We are seeking a Third-Party Risk Specialist to manage and execute the full lifecycle of vendor risk management. This role is responsible for conducting vendor due diligence, performing security risk assessments, reviewing vendor documentation, and ensuring third parties meet organizational security and compliance requirements.
The ideal candidate has hands-on experience evaluating vendor security posture, working with internal stakeholders and vendors, and driving remediation of identified risks across third-party environments.

Key Responsibilities:
Third-Party Risk Management (Core Focus)

• Manage the end-to-end TPRM lifecycle including onboarding, due diligence, risk assessment, monitoring, and offboarding of vendors
• Perform vendor security risk assessments using standardized questionnaires and control evaluation methodologies
• Review and analyze SOC 1/SOC 2 reports, identifying control gaps and required remediation actions
• Evaluate vendor security documentation (policies, procedures, certifications, audit reports) to assess risk exposure
• Facilitate and review vendor questionnaires (e.g., SIG) and supporting evidence

Vendor Due Diligence & Risk Analysis

• Conduct initial and ongoing vendor due diligence across cybersecurity, operational, and compliance domains
• Assess inherent and residual risk levels and document findings in risk management systems
• Identify and communicate vendor risk issues, partnering with stakeholders to define remediation plans
• Track and manage vendor remediation efforts to closure

Contract & Vendor Governance

• Review security agreements, data processing agreements (DPAs), and security addendums
• Partner with legal, procurement, and business teams to ensure appropriate security and risk clauses are included in vendor contracts
• Validate complementary user entity controls (CUECs) and vendor obligations

Vendor Monitoring & Reporting

• Perform continuous monitoring of third-party risk, including periodic reassessments and review of updated SOC reports or attestations
• Track vendor risk metrics and provide risk reporting and dashboards to stakeholders
• Support vendor segmentation and risk tiering processes

Required Qualifications:

• 3–5+ years of hands-on Third-Party Risk Management (TPRM) experience
• Strong experience with:
  • Vendor risk assessments
  • SOC report reviews
  • Vendor due diligence
  • Security questionnaires
• Experience reviewing:
  • Security addendums / DPAs / vendor contracts
• Familiarity with regulatory environments such as:
  • HIPAA
  • PCI
  • SOX
• Experience using TPRM or risk platforms such as:
  • AuditBoard
  • Workiva

Preferred Qualifications:

• Experience in healthcare or regulated environments
• Familiarity with frameworks such as:
  • NIST
  • HITRUST
• Certifications such as:
  • CISSP
  • CISM
  • CISA

About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.

INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.

Information collected and processed through your application with INSPYR Solutions (including any job applications you choose to submit) is subject to INSPYR Solutions’ Privacy Policy and INSPYR Solutions’ AI and Automated Employment Decision Tool Policy: https://www.inspyrsolutions.com/policies/. By submitting an application, you are consenting to being contacted by INSPYR Solutions through phone, email, or text.

26-156259