Jobs · Information Technology · Florida

IT Risk and Compliance Analyst

GT Restructuring · Miramar, FL · 2 wk ago
Information TechnologyFull-time

Position Summary

The IT Risk and Compliance Analyst will take a lead in the ongoing design, development, and management of the firm’s third-party risk management program. The position will consist of developing, monitoring, and assessing risks regarding vendor and partner relationships.

Key Responsibilities

  • Completes vendor risk assessments submitted by clients and prospective clients (RFP)
  • Responds to client Requests for Proposals (RFPs) and questionnaires related to security
  • Performs information security due diligence on third party vendors to determine the effectiveness of their controls to protect the firm’s data, identify any discrepancies and provide recommendations to management
  • Affords client needs against security concerns and resolves various risk issues
  • Develops, implements, assigns, and monitors third party vendor assessments
  • Executes and documents assessment activities following established processes and procedures
  • Performs third party reviews to assess vendor information security posture and practices
  • Keeps abreast of regulatory and compliance related information to enhance the third-party due diligence program
  • Collaborates with team members to provide subject matter expertise with respect to the Firm’s third-party risk management program and to create and update documents and presentations that can be used to inform internal employees, external auditors, or internal auditors about the Firm’s third-party risk management program
  • Contributes to the continuous improvement, including automation where possible, of all aspects of the third-party risk management program based on expert knowledge, industry best practices, business objectives, and risk tolerance, keeping the program relevant and in alignment with the business objectives
  • Led third party risk threat notification to third party vendors by assessing vendor risk, impact, and response to third (e.g., assessing Log4Shell vendor impact and response communications)
  • Tracks vendor mitigation progress of identified threats and risks
  • Develops, implements, monitors KPI, KRI for third party risk management program
  • Develops and updates third party risk management program policies, procedures, and best practices
  • Actively participates in outside Third-Party Risk Management communities
  • Works with the security team to develop, manage, and maintain the Firm’s Information Security Program, security awareness programs, insider threat programs, etc.
  • Identifies Information Security & Business Continuity risks to senior management & make recommendations for corrective actions/mitigation of risks
  • Works assess BCP/DR compliance status of third-party vendors and communicates their status/impact to the firm’s BCP/DR team
  • Performs other related duties as required and assigned

Qualifications

  • Understanding information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices
  • Experience working with compliance issues dealing with sensitive data preferred
  • Strong analytical and problem-solving capabilities, with the ability to identify and resolve issues independently and effectively while exercising sound judgment
  • Excellent interpersonal, written, and verbal communication skills, with the ability to interact effectively at all levels of the organization from analyst level to C-suite
  • Explain and articulate technical concepts to non-technical stakeholders and follow basic troubleshooting steps to work through issues
  • Demonstrate basic project management and documentation skills to manage multiple parallel work streams
  • Ability to multitask and perform effectively under pressure, completing assignments with short lead times and tight deadlines while delivering superior service to clients and stakeholders
  • May assume a team leader role as needed
  • Proficiency with Microsoft Office suite
  • Recognizes confidential, sensitive, and proprietary information and maintain such information as confidential
  • Must be available outside normal working hours to participate in emergency events such as security incidents, breaches, investigations, etc.
  • Bachelor’s degree in information technology, Information Systems, Information Security, Business Administration, or Risk Management (or equivalent experience) or 3+ years of work experience in relevant information risk position in lieu of degree
  • 1-3 years of experience in implementing and/or supporting IT risk management processes
  • 1-3 years of experience in responding to vendor IT risk assessments
  • Experience working with IT audits, findings, and tracking and remediating to resolution
  • Working knowledge of cloud technologies (any of these, Azure, AWS, Alibaba, GCP, IBM cloud) and software delivery models (SaaS, PaaS, IaaS)
  • Industry certifications preferred (e.g., TPRA, CTPRP, CTPRA, CEH, CISA, CISM); candidates who do not already hold these certifications will be expected to work toward obtaining relevant certifications during their employment
  • Proficiency with standard information gathering tools (e.g., DDQ, SIG, etc.)
  • Proficiency with Windows-based software and Microsoft Office suite
  • Working knowledge of A.I. & Cloud fundamentals (e.g., AI-900 certification)
  • Working knowledge of A.I. technologies (Gen AI), CoPilot, ChatGPT, etc.

Similar jobs

IT Risk & Compliance Analyst

Watts Water TechnologiesNorth Andover, MA· 1 wk ago
Information Technology$84k–$94k/yrapply on wattswater.wd5.myworkdayjobs.com

Risk and Compliance Analyst

Davis Polk & Wardwell LLPNew York, United States· 4 days ago
Legal$100k–$125k/yrapply on davispolk.wd5.myworkdayjobs.com