Jobs · Legal · New York

Risk and Compliance Analyst

Davis Polk & Wardwell LLP · New York, United States · 6 days ago
Legal$100k–$125k/yrFull-time

Essential Duties And Responsibilities

  • Support and help maintain the Firm’s Information Security Management System (ISMS), including contributing to ISO 27001 compliance and annual recertification efforts.
  • Manage day-to-day execution of the Firm’s client security assessment process, including gathering documentation, tracking questionnaires, and coordinating responses with internal teams.
  • Support third-party vendor risk assessments, including reviewing questionnaires, SOC reports, and supporting security documentation.
  • Affiliate in conducting internal IT risk assessments by gathering information from business and IT stakeholders to identify risks, document findings, and support development of risk treatment plans.
  • Execute user access recertification processes for standard and privileged accounts, including tracking completion and escalating issues as needed.
  • Track and follow up on remediation efforts related to findings from client assessments, internal audits, penetration tests, and other security reviews.
  • Perform other duties as assigned.

Qualifications/Position Requirements

  • Familiarity with ISO 27001 framework, as well as NIST, SOC 2, or similar.
  • Experience responding to client security questionnaires and conducting vendor risk assessments.
  • Strong analytical, organizational, and time management skills with attention to detail.
  • Proven ability to manage multiple priorities and projects simultaneously in a fast-paced environment while consistently meeting deadlines.
  • Excellent verbal, written, and presentation skills, with the ability to communicate effectively with clients, leadership, and cross-functional teams.
  • Strong interpersonal skills with ability to build relationships and interact with individuals at all organizational levels.
  • Ability to work independently, exercise sound judgement, and take initiative while collaborating effectively across teams.

Education And/or Experience

  • Bachelor’s degree required, preferably Business Systems, Information Systems.
  • 3-5 years of experience in IT risk, compliance, audit, or information security.
  • Previous experience in legal services preferred.

Similar jobs