
Risk Analyst Full-time Job

2 months ago   Project Management   George Town   Reference: LDdwjEXmb1Y
Job Details

LATAM Risk Analyst

Location: Remote, will work in US time zones

Duration: 12+ months

Excellent English language skills required

Job Description:

We are seeking a highly skilled and experienced Risk Analyst to join our GRC team. In this role, you will be responsible for leading third-party risk assessments with a focus on Information Security and GRC, evaluating inherent and residual risks to drive risk-informed decision-making.

Key Responsibilities:

Lead third-party risk assessments with a focus on Information Security and GRC, evaluating inherent and residual risks to drive risk-informed decision-making.

Perform in-depth due diligence on prospective and existing vendors, with an emphasis on cybersecurity controls, regulatory compliance (e.g., GDPR, SOC 2, ISO 27001), and data protection practices.

Ensure integrity, consistency, and audit-readiness of third-party data within the GRC platform, supporting executive reporting and regulatory compliance.

Collaborate with key stakeholders across Information Security, Privacy, Legal, Procurement, and Business Units to integrate third-party risk insights into broader enterprise risk initiatives.

Provide expert guidance during third-party offboarding, ensuring risk is appropriately retired and that data retention, access, and continuity controls are validated.

Support external audits, internal investigations, and regulatory inquiries by preparing accurate and timely responses related to TPRM practices and control effectiveness.

Contribute to the enhancement of TPRM policies, playbooks, and metrics to continuously mature the program.

Qualifications:

5+ years of experience in third-party risk management, information security, IT audit, or GRC, preferably within Gaming, Technology, or Consulting.

Deep understanding of security risk assessment frameworks and best practices (e.g., NIST, ISO 27001, SIG, CSA, etc.).

Proficiency in JIRA and GRC platforms such as OneTrust, ServiceNow, or similar tools, with the ability to lead data analysis and system improvements.

Demonstrated ability to identify and assess security, privacy, and operational risks with a practical and solutions-oriented mindset.

Excellent verbal and written communication skills, with the ability to influence and challenge stakeholders at all levels while maintaining constructive relationships.

Comfortable navigating ambiguity, leading through change, and managing complex or sensitive third-party issues.

Experience with regulatory requirements related to vendor management and data security is highly preferred.

Comfortable working in a cross-functional environment and adapting to changing business and regulatory requirements.

Understanding of IT Risk Management concepts.

Understanding of the S-SDLC and the Agile Project Methodology.

Company Description
At IT Cardinal Partners, we are passionate about creating future-proof and sustainable IT solutions for our clients through our people. To us, nothing is more important than helping you achieve specific business goals and aspirations. Big or small, we help you tailor specific IT enablement strategies, improve profitability, and reduce complexity. Our professional team works with you to know every significant aspect of your business operation and the key members of your organization. We understand that you are looking for a high-quality and balanced approach between technological competences and business consulting capabilities, and that's exactly what we help you achieve.