Cyber Third Party Risk / Due Diligence Analyst, Prague

21308
  • Negotiable
  • Prague, Czech Republic
  • Permanent
  • Cyber Security and IT Risk
Harrington Starr are seeking a Cyber Security Third Party Risk / Senior GRC Analyst to work for a global trading organisation.

The role will report directly to the CISO and will be responsible for due diligence on external clients and internal vendors, alongside general GRC-related work.

The role will be based in Prague.

Key accountabilities will include:
  • Serve as the primary point of contact for responding to external cybersecurity due diligence requests from customers, partners, and regulators.
  • Complete and manage a variety of security questionnaires (e.g., SIG, CAIQ, custom forms), ensuring timely and accurate submissions supported by appropriate audit documentation.
  • Coordinate cross-functionally with Legal, IT, Privacy, and Compliance teams to deliver consistent, vetted responses aligned with internal policies and regulatory obligations.
  • Maintain and regularly update a centralized library of security documentation, including policies, certifications, architectural diagrams, audit reports, and customer-facing artifacts.
  • Support contractual and Data Processing Agreement (DPA) reviews by providing subject matter input on security clauses and ensuring alignment with internal standards.
  • Track and manage the due diligence pipeline, monitoring the status of requests and approvals to ensure deadlines are met and stakeholders are informed.
  • Perform and maintain internal risk assessments, identifying potential control gaps and supporting remediation efforts as required.
  • Assist in the preparation for and coordination of external audits and assessments conducted by customers, regulators, or strategic partners.

Key skills needed are:

  • 2–4 years of professional experience in security compliance, governance, risk & compliance (GRC), or vendor risk management.
  • Solid understanding of cybersecurity controls, risk management frameworks (e.g., ISO 27001, SOC 2, NIST), and data protection principles.
  • Hands-on experience with GRC platforms such as OneTrust, Vanta, Drata, or similar tools.
  • Strong organizational and project management skills, with the ability to manage multiple priorities effectively.
  • Excellent written and verbal communication skills, with the ability to convey complex topics clearly and professionally.
  • Relevant industry certifications (e.g., CompTIA Security+, ISO 27001 Foundation) are an advantage.
  • High attention to detail and a strong sense of ownership and follow-through.
  • Proficient in written English; confident in spoken English communication.
  • Must be willing to relocate to Prague and have the legal right to work in the Czech Republic.

Andrew Nitek, Associate Vice President
