Third Party Risk Analyst
About The Opportunity
Grubhub is dedicated to connecting hungry diners with our wide network of restaurants across the country. Our innovative technology, easy-to-use platforms and streamlined delivery capabilities make us an industry leader today, and in the future of online food ordering.
We strive to create a workplace that reflects the diversity of our customers and the communities we serve. When you join our team, you become part of a community that works together to innovate, solve problems, take risks, grow, work hard and have a ton of fun in the process!
Why Work For Us
We have a fast-paced environment and that is what our teams thrive on. Grubhub believes in empowering people and offering opportunities for development, as well as professional growth. We value strong, positive relationships in all areas: with each other, our customers and our greater community. Want to be a part of a team of diverse collaborators in an authentically fun culture? If so, we want to talk to you - and hear what's your favorite restaurant for food delivery!
The Impact You Will Make
The Grubhub Procurement organization is looking for an experienced supplier and third party risk management (TPRM) analyst with good understanding of technology and information security principles; prior Sourcing and/or supplier lifecycle administration experiences are welcome. The role will support build-out of Grubhub's Supplier Onboarding & Lifecycle processes. This individual will perform supplier due diligence assessments to identify inherent and residual supplier risk; document findings; help maintain and improve internal controls adherence, and follow up on components of appropriate corrective action plans. The position will closely work with the Business Stakeholders, Security, Legal, Information Technology and third parties' teams as well as support ad-hoc projects to help identify, assess, and remediate third party-related risks.
Specific Responsibilities Will Include:
- Identify risk, develop risk mitigation strategies and document findings remediation through closure.
- Help establish a consistent and repeatable process of supplier assessments and risk oversight.
- Educate and consult business stakeholders in developing and continuously improving the understanding of supplier risk and strategies to mitigate it.
- Execute locally, the global company standards to satisfy regulatory requirements around data privacy and sharing.
- Maintain a centralized supplier inventory and lifecycle in which vendor data is reconciled with Accounts Payable and Purchasing databases.
- Interact directly with suppliers, as needed, to ensure the appropriate information is gathered and assessed prior to onboarding approval.
- Assist in developing a Supplier lifecycle management process including Onboarding, Ongoing Monitoring, and Offboarding to ensure our supply relationships are extracted from Grubhub systems when we are no longer working with them.
- Develop communications, as appropriate, to ensure the process and policy are understood by the stakeholder base.
- Provide strategic level thinking, supplier management leading practices, and continuous improvement ideas to ensure best in class processes.
- Regularly interface with stakeholders to ensure our processes meet the needs of the business as well as satisfies changing regulatory requirements.
What You Bring to the Table
- 3-5 plus years related experience in Finance, Audit, Information Security, or Business Process Improvement
- 2+ years prior experience performing supplier assessments
- Demonstrated experience in Supplier Risk Management, specializing in data security and privacy
- Experience in Procurement and Sourcing is welcomed
- Demonstrated communication and project management skills working with cross-functional teams across levels within the organization
- Ability to work independently and lead in a team environment; self-motivated; strong analytical and problem solving skills; ability to process large amounts of often complex data; detail oriented, self-starter
- Ability to establish and monitor policies and guidelines
- Working knowledge of procurement systems and e-sourcing tools
- Able to navigate a fast-paced environment with working with remote teams
- Knowledge of SaaS architecture, automation tools, scripting and API integration would be helpful, but not required
- Knowledge of compliance and audit frameworks such as NIST, ISO27XXX, AICPA SOC1/2, etc.
- Familiarity with security and authentication protocols (SAML, LDAP)
- Knowledge and admin experience with risk management tools such as OneTrust, Archer, ServiceNow, Aravo, MetricsStream, Diligent, or similar
- One of the following certificates is a huge plus: CISA, CRISC, CIASM, CISSP, CIA
- Currently certified as CTPRP, or CRVPM, or similar; ability to obtain within 1 year if not currently certified.
And Of Course, Perks!
- PTO. Grubhub employees are provided a generous amount of time to recharge their batteries.
- Health and Wellness. We provide programs that support your overall well-being such as generous medical benefits, employee network groups, company-wide fitness challenges, and a comfortable and casual workplace! We also support our parents by offering 8 weeks of paid parent bonding time, a 4-week returnship program, and 6-8 weeks paid medical leave.
- Learning and Career Growth. Your personal and professional development is a priority at Grubhub. From day one, we empower you to lead and be an active participant in your career growth. We provide continuous learning opportunities, training, and coaching and mentorship programs.
- MealPerks. Who's ready for some lunch? We provide our employees with a weekly Grubhub credit to enjoy and support local restaurants. We also offer company-wide meals several times a year to bring our Grubhub family together.
- Fun. Every Grubhub office has an employee-led Culture Crew that connects people through fun, meaningful events and initiatives. Some of our popular past events include: Wing-eating contests, Grubtoberfest, 5k Runs, Bring Your Child to Work Day, regular happy hours, and more!
- Social Impact. We believe in the importance of serving the communities that support our business. In addition, employees are given paid time off each year to support the causes that are important to them.
Grubhub is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. The EEO is the Law poster is available here: DOL Poster . If you are applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an e-mail to [email protected] and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.
CA Privacy Notice: If you are a resident of the State of California and would like a copy of our CA privacy notice, please email [email protected].