Analyst, Governance and Risk
White & Case LLP · Tampa, FL · 4 mo ago
HybridFinanceFull-time
Duties and Accountabilities
- Maintain and improve the GRC function
- Provide support for internal assessments and audits at planned intervals and on an ad hoc basis
- Evaluate and validate the design and operational effectiveness of technical and administrative controls to help reduce risk in the organization
- Mentor junior GRC Analysts on the team
- Afford support in monitoring open audit items from internal audits and external compliance/client/certification audits to ensure completion of remediation activities defined in the agreed action plans and risk treatment plans
- Support continuous monitoring processes to assess compliance with information security policies and standards, legal and regulatory compliance
- Provide compliance subject matter expertise support to various departments
- Afford assistance in conducting third-party vendor information security assessment and ongoing third-party assurance activities
- Create any necessary road maps for regulatory compliance
Qualifications
- 5-7+ years of experience within GRC, specifically vendor & risk management standards and frameworks
- Possessing any cybersecurity certifications, CRISC, CISM, CGEIT, CISA, CISSP, etc.
- Possessing an understanding of industry standards, certifications, and regulations including NIST800/CSF, ISO 27001
- Experience with compliance programs related to SSAE16 SOC1, SOC2, PCI, and/or NIST-800-53
- Working knowledge in Cloud Security assessments, systems, tools, and web application reviews including Secure SDLC life cycle assessments
- Working knowledge of enterprise infrastructure and application monitoring tools
- Proficient in Microsoft Office applications; SME in Excel and data manipulation
- Attention to detail. Clear logical and analytical thinker. Able to prioritize and manage multiple tasks under pressure
- Good verbal, written and numeric skills
- Able to travel or work overtime, as needed