IT Risk and Compliance Analyst
GT Restructuring · Miramar, FL · 2 wk ago
Information TechnologyFull-time
Position Summary
The IT Risk and Compliance Analyst will take a lead in the ongoing design, development, and management of the firm’s third-party risk management program. The position will consist of developing, monitoring, and assessing risks regarding vendor and partner relationships.
Key Responsibilities
- Completes vendor risk assessments submitted by clients and prospective clients (RFP)
- Responds to client Requests for Proposals (RFPs) and questionnaires related to security
- Performs information security due diligence on third party vendors to determine the effectiveness of their controls to protect the firm’s data, identify any discrepancies and provide recommendations to management
- Affords client needs against security concerns and resolves various risk issues
- Develops, implements, assigns, and monitors third party vendor assessments
- Executes and documents assessment activities following established processes and procedures
- Performs third party reviews to assess vendor information security posture and practices
- Keeps abreast of regulatory and compliance related information to enhance the third-party due diligence program
- Collaborates with team members to provide subject matter expertise with respect to the Firm’s third-party risk management program and to create and update documents and presentations that can be used to inform internal employees, external auditors, or internal auditors about the Firm’s third-party risk management program
- Contributes to the continuous improvement, including automation where possible, of all aspects of the third-party risk management program based on expert knowledge, industry best practices, business objectives, and risk tolerance, keeping the program relevant and in alignment with the business objectives
- Led third party risk threat notification to third party vendors by assessing vendor risk, impact, and response to third (e.g., assessing Log4Shell vendor impact and response communications)
- Tracks vendor mitigation progress of identified threats and risks
- Develops, implements, monitors KPI, KRI for third party risk management program
- Develops and updates third party risk management program policies, procedures, and best practices
- Actively participates in outside Third-Party Risk Management communities
- Works with the security team to develop, manage, and maintain the Firm’s Information Security Program, security awareness programs, insider threat programs, etc.
- Identifies Information Security & Business Continuity risks to senior management & make recommendations for corrective actions/mitigation of risks
- Works assess BCP/DR compliance status of third-party vendors and communicates their status/impact to the firm’s BCP/DR team
- Performs other related duties as required and assigned
Qualifications
- Understanding information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices
- Experience working with compliance issues dealing with sensitive data preferred
- Strong analytical and problem-solving capabilities, with the ability to identify and resolve issues independently and effectively while exercising sound judgment
- Excellent interpersonal, written, and verbal communication skills, with the ability to interact effectively at all levels of the organization from analyst level to C-suite
- Explain and articulate technical concepts to non-technical stakeholders and follow basic troubleshooting steps to work through issues
- Demonstrate basic project management and documentation skills to manage multiple parallel work streams
- Ability to multitask and perform effectively under pressure, completing assignments with short lead times and tight deadlines while delivering superior service to clients and stakeholders
- May assume a team leader role as needed
- Proficiency with Microsoft Office suite
- Recognizes confidential, sensitive, and proprietary information and maintain such information as confidential
- Must be available outside normal working hours to participate in emergency events such as security incidents, breaches, investigations, etc.
- Bachelor’s degree in information technology, Information Systems, Information Security, Business Administration, or Risk Management (or equivalent experience) or 3+ years of work experience in relevant information risk position in lieu of degree
- 1-3 years of experience in implementing and/or supporting IT risk management processes
- 1-3 years of experience in responding to vendor IT risk assessments
- Experience working with IT audits, findings, and tracking and remediating to resolution
- Working knowledge of cloud technologies (any of these, Azure, AWS, Alibaba, GCP, IBM cloud) and software delivery models (SaaS, PaaS, IaaS)
- Industry certifications preferred (e.g., TPRA, CTPRP, CTPRA, CEH, CISA, CISM); candidates who do not already hold these certifications will be expected to work toward obtaining relevant certifications during their employment
- Proficiency with standard information gathering tools (e.g., DDQ, SIG, etc.)
- Proficiency with Windows-based software and Microsoft Office suite
- Working knowledge of A.I. & Cloud fundamentals (e.g., AI-900 certification)
- Working knowledge of A.I. technologies (Gen AI), CoPilot, ChatGPT, etc.