Risk and Compliance Analyst

About Eleven Recruiting

We are a specialized technology staffing agency supporting professional and financial services companies. Why do we stand out in technology staffing?

We listen and act as advisors for our candidates on how they can best add value, find interesting projects, and pave a path for career advancement.

We advocate for best pay, diversity in tech, and best job-fit for every candidate we place.

Our client, a national law firm, is seeking an experienced Risk and Compliance Analyst to join their team!

RESPONSIBILITIES :

• Maintain a balanced risk management and compliance control framework, working with key stakeholders in alignment with Firm and client standards
• Review Firm policies, procedures, and standards, partnering with Human Resources and other stakeholders to ensure compliance with client outside counsel guidelines
• Facilitate and document client security assessments and other client requests, including internal and client communications, meetings, deadlines, research, responses, and remediation requests
• Analyze client security assessment results and recommend improvements to business processes, administrative, and technical controls
• Collect vendor information from vendor owners, research tools, and public resources, ensuring the vendor database is up-to-date
• Maintain vendor management tools used to track the vendor management lifecycle, security risk assessments, business risk assessments, and contract reviews
• Conduct security and business risk assessments of third party vendors, tracking remediation requests in accordance with the vendor risk program and policies
• Review contracts for low risk third party vendors in accordance with the vendor management program, partnering with vendor owners and contract review attorneys
• Review and develop scenarios for the Firm's risk register
• Partner with appropriate business units to ensure appropriate operational, technical, and data privacy controls are implemented and enforced
• Document internal controls and map to Firm and client compliance standards (e.g., ISO 27001, SOC 2, NIST, Center for Internet Security Top 18)
• Analyze compliance gaps and recommend improvements to business processes, administrative, and technical controls
• Respond to Data Subject Request (DSR) inquiries related to GDPR, CCPA, or other privacy laws
• Document, investigate, and report compliance issues and incidents, where necessary
• Collect, analyze, and prepare reports required for senior management, auditors, and other relevant stakeholders
• Assist with the outside counsel guideline review process (e.g., drafting responses, tracking deadlines, liaise with risk partners for review and approval)
• Assist with the audit letter review process (e.g., drafting letters, tracking deadlines, liaise with the Audit Committee for review and approval)

QUALIFICATIONS :

• High school diploma or GED required. Bachelor's degree preferred, or comparable experience of 5+ years of combined experience in information security, GRC, BCP / DR, or risk management with at least 3 years of experience developing and implementing governance, risk, or compliance programs.
• Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), or other relevant training and certifications are highly recommended.
• Proficiency with Microsoft Office Word, Excel, and PowerPoint is desired
• Proficiency with Governance, Risk, and Compliance (GRC) tools (i.e., RSA Archer, LogicManager, KnowBe4 Compliance Manager) is desired
• Proficiency with vendor risk tools (e.g., Third Party Trust, Argos Risk, BitSight, RiskRecon) is desired
• Familiarity with Microsoft 365 (e.g., Microsoft SharePoint, Teams, and OneDrive) and document management systems is desired
• Familiarity with project management and agile collaboration tools is desired
• Excellent attention to detail, critical thinking, and analytical skills.
• Ability to work proactively and efficiently in a fast-paced environment, interacting professionally with others.
• Dedicated to excellent customer service.
• Ability to communicate effectively, verbally and in writing. Ability to follow directions and collaborate effectively with a team.
• Understanding of project management principals and methodologies.

Location : Los Angeles, CA

Seniority Level : Senior Level

Employment Type : Contract

Job Function : Information Technology

Salary : $60-$78 / hr