Risk Manager
Pinnacle Group, Inc.
Job Description
About Pinnacle Group
Pinnacle Group is a leading workforce solutions provider with deep experience supporting enterprise clients across corporate, professional services, technology, and operational functions. We partner with organizations to deliver high-quality talent solutions that help teams strengthen governance, improve business processes, and manage risk effectively. Our approach emphasizes professionalism, accountability, and long-term partnership.
Summary
Pinnacle Group is seeking a Third-Party Risk Analyst (Technology/AI Risk) to implement, manage and oversee our third-party risk management program, with particular focus on identifying and mitigating information technology and Artificial Intelligence (AI) related risks. This role will partner with Information Security, Legal, Compliance, and Business stakeholders to identify, assess, and mitigate risks associated with all third-party relationships. The ideal candidate has 3–5 years of experience in third-party risk management, technology risk, compliance, information security, audit, or a related discipline and is comfortable evaluating vendor controls, cybersecurity practices, and emerging AI-related risks, but also capable and willing to manage the entirety of the third-party risk management program.
Job Description
- Sole and complete ownership of the third-party risk management program, which requires completion of risk-based assessments of third-party vendors throughout the vendor lifecycle, including new vendor onboarding and periodic reviews.
- Interface with third-party auditors, vendors, and internal stakeholders to gather information and respond to assessment requests.
- Review and interpret SOC 1 and 2 reports, ISO 27001 certifications,, penetration testing reports, business continuity and disaster recovery plans, privacy and data protection and related compliance documentation to assess alignment with organizational risk requirements.
- In collaboration with the IT department, assist in responding to information technology related third-party questionnaires, ensuring responses are accurate, complete, and professionally documented.
- Maintain organized assessment records, supporting materials, and risk documentation in accordance with internal policies and procedures.
- Prepare risk summaries, dashboards, and report for management and governance committees.
- Collaborate with cross-functional teams to improve risk assessment processes, strengthen vendor oversight, and support audit readiness.
- Demonstrate the ability to take on increasing responsibility and grow into a future leadership role within the risk function.
- Ensure maintenance of Pinnacle Group’s ISO 27001 certification and SOC 2 compliance, with support from IT department.
- Collaborate with key stakeholders to create, maintain and implement AI related standards and procedures
- Enhance and maintain Pinnacle Group’s business continuity plan in collaboration with appropriate stakeholders
Requirements
- Bachelor’s degree in Business Information Systems, Cybersecurity, Risk Management or related field.
- Experience performing third-party risk assessments including expertise in completing technology vendor assessments, including Saas platforms, cloud providers, managed service providers, and software vendors, and AI enabled products
- Strong knowledge of industry technology security frameworks such as NIST, ISO 27001, CIS Controls, and SOC standards
- Experience interfacing with third-party auditors and responding to third-party risk or security questionnaires.
- Ability to assess technology vendors, identify risk concerns, document findings, and communicate recommendations clearly.
- Strong written and verbal communication skills, with the ability to work effectively with auditors, vendors, and internal stakeholders.
- Demonstrated potential to grow into a leadership role, including ownership mindset, sound judgment, and the ability to influence process improvements.
- Experience using Drata or similar governance and risk management platforms.
- Working knowledge of AI related risks.
Required Skills
Similar Jobs
View all →
26-4002: Security & Endpoint Engineer
Navitas Business Consulting, Inc.
Director Information Security - GCC India & JAPAC
BioSpace
Security Engineer III
Anaplan
Product Development Manager
NopalCyber
Senior Security GRC Analyst
Kite
Similar Jobs
View all →
26-4002: Security & Endpoint Engineer
Navitas Business Consulting, Inc.
Kolkata
Director Information Security - GCC India & JAPAC
BioSpace
Hyderabad
Security Engineer III
Anaplan
Gurugram
Product Development Manager
NopalCyber
Hyderabad
Senior Security GRC Analyst
Kite
GurgaonShare
Quick Apply
Upload your resume to apply for this position