GRC Analyst, Third-Party & Client Questionnaire Management

RevSpring

Hybrid
Contractor
$95,000

Job Overview

Job Title: GRC Analyst, Third-Party & Client Questionnaire Management
Job Type: Contractor
Offered Salary: $95,000
Location: Hybrid

Job Description

Job Summary

The GRC Analyst, Third-Party & Client Questionnaire Management supports and manages security, risk, compliance, and due diligence questionnaires from clients, prospects, vendors, and business partners. This critical role acts as a subject matter resource for industry-standard compliance frameworks, ensuring all responses are accurate, consistent, auditable, and aligned with RevSpring’s approved control language and evidence.

This position heavily emphasizes GRC platform enablement, automation, quality assurance, and continuous improvement to streamline questionnaire response processes, reduce cycle times, and bolster the organization’s overall risk and compliance posture.

Essential Functions

Questionnaire Management & Stakeholder Coordination
  • Support the completion of security, risk, compliance, and due diligence questionnaires from clients, prospects, vendors, and partners.
  • Serve as a subject matter resource for responding to questionnaires related to HITRUST, PCI DSS, SOC 2, NCQA, and general security and privacy controls.
  • Coordinate with internal stakeholders, including IT, Security, Compliance, Legal, and Operations, to validate questionnaire responses and obtain supporting documentation or evidence.
  • Ensure all responses are accurate, consistent, current, and aligned with approved control language, policies, and audit artifacts.
  • Manage timelines and prioritize questionnaire requests to meet internal and external deadlines.
GRC Platform Enablement & Automation
  • Configure, maintain, and enhance questionnaire libraries within the GRC platform to support automated and semi-automated responses.
  • Map questionnaire questions to existing controls, policies, procedures, and evidence within the GRC system to enable reuse, consistency, and standardization.
  • Continuously enhance automation rules and response logic to reduce manual effort and improve response turnaround time.
  • Review system-generated responses for accuracy, completeness, and appropriateness prior to submission.
  • Maintain version control and approval workflows for standardized questionnaire responses.
  • Track questionnaire requests, response status, and performance metrics through the GRC tool.
Quality Assurance & Continuous Improvement
  • Perform periodic reviews of standardized questionnaire content to ensure alignment with current control posture, certifications, and audit outcomes.
  • Update approved responses following control changes, audit findings, framework updates, or regulatory changes.
  • Identify recurring questions, inefficiencies, or content gaps and proactively address them through control enhancements, documentation updates, or process improvements.
  • Provide reporting and metrics to leadership on questionnaire volume, turnaround time, automation effectiveness, and emerging risk trends.
  • Support continuous improvement initiatives related to third-party risk management, client assurance, and compliance operations.

Minimum Requirements

Specific Job Skills:
  • Minimum of 2 years of experience in Governance, Risk, and Compliance (GRC), information security, third-party risk management, or compliance operations.
  • Demonstrated experience completing and managing security, risk, compliance, and due diligence questionnaires for clients, prospects, vendors, or partners.
  • Working knowledge of common compliance and assurance frameworks, including HITRUST, SOC 2, PCI DSS, NCQA, and general security and privacy control frameworks.
  • Experience coordinating with cross-functional stakeholders (e.g., IT, Security, Compliance, Legal, Operations) to validate responses and obtain supporting evidence.
  • Hands-on experience using a GRC platform to manage controls, evidence, workflows, and questionnaire responses.
  • Ability to ensure accuracy, consistency, and version control of standardized responses and supporting documentation.
  • Strong written communication skills with the ability to clearly articulate technical and control-related concepts to internal and external audiences.
  • Strong organizational skills and the ability to manage multiple questionnaire requests and deadlines simultaneously.
  • Proficiency with standard business tools, including Microsoft Office or Google Workspace.
Education:

Bachelor’s degree in Information Security, Risk Management, Business, Information Systems, or a related field, or equivalent professional experience.

Experience:

2–5 years of experience in GRC, information security, compliance, risk management, or third-party risk management.

Key Skills/Competency

  • GRC Platforms
  • Third-Party Risk Management
  • Client Questionnaire Management
  • HITRUST, PCI DSS, SOC 2, NCQA
  • Compliance Frameworks
  • Information Security Controls
  • Automation & Process Improvement
  • Stakeholder Coordination
  • Due Diligence
  • Audit & Assurance

Tags:

GRC Analyst
Governance
Risk
Compliance
Questionnaire Management
Third-Party Risk
Client Due Diligence
Audit
Automation
Quality Assurance
Stakeholder Coordination
GRC Platforms
HITRUST
PCI DSS
SOC 2
NCQA
Microsoft Office
Google Workspace
Information Security Controls
Data Privacy
Risk Management Software

How to Get Hired at RevSpring

  • Research RevSpring's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your GRC Analyst resume: Highlight experience with GRC platforms, compliance frameworks (HITRUST, SOC 2, PCI DSS), and questionnaire management.
  • Showcase your communication skills: Prepare examples demonstrating clear articulation of technical and control concepts for internal and external audiences.
  • Demonstrate automation enthusiasm: Emphasize your ability to streamline processes and enhance efficiency in compliance operations.
  • Prepare for framework-specific questions: Be ready to discuss your working knowledge of HITRUST, PCI DSS, SOC 2, and NCQA during interviews.