Information Security GRC Analyst – Third‑Party Risk Management

About the role

As an Information Security GRC Analyst at Edwards Lifesciences, you will support the organization’s patient‑focused mission by managing third‑party security risk. You will work closely with internal stakeholders and external vendors to ensure robust governance, compliance, and transparency throughout the vendor risk lifecycle.

Key responsibilities

• Manage vendor security risk assessments, following up on incomplete Information Risk Questionnaires.
• Review and clarify Third‑Party Intake Form (TPIF) queues, trigger, monitor, and track assessments.
• Escalate non‑responsive vendors according to service expectations.
• Review submitted evidence (ISO certificates, Statements of Applicability) for completeness and request missing documentation.
• Assess due‑diligence results and support approval of TPIF tickets.
• Open, document, and track risk issues; coordinate remediation and status updates with stakeholders.
• Support expansion of due‑diligence to evaluate supplier Data and AI governance practices.
• Contribute to dashboard execution, reporting accuracy, and automation of TPRM processes.
• Execute defined TPRM processes consistently and drive continuous improvement of tools and workflows.

Required profile

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field.
• Minimum 2 years of experience in information security, risk management, compliance, or a related governance/operational role.

Required skills

• Third‑Party Risk Management (TPRM) processes.
• Vendor security risk assessment and issue tracking.
• Review of security evidence such as ISO certificates and Statements of Applicability.
• Data and AI governance assessment.
• Dashboard reporting and automation.

What we offer

• Opportunity to contribute to cutting‑edge medical technology innovations.
• Collaborative global IT environment.
• Professional growth in a leading healthcare company.