Risk and Compliance Analyst
Davis Polk & Wardwell LLP · New York, United States · 6 days ago
Legal$100k–$125k/yrFull-time
Essential Duties And Responsibilities
- Support and help maintain the Firm’s Information Security Management System (ISMS), including contributing to ISO 27001 compliance and annual recertification efforts.
- Manage day-to-day execution of the Firm’s client security assessment process, including gathering documentation, tracking questionnaires, and coordinating responses with internal teams.
- Support third-party vendor risk assessments, including reviewing questionnaires, SOC reports, and supporting security documentation.
- Affiliate in conducting internal IT risk assessments by gathering information from business and IT stakeholders to identify risks, document findings, and support development of risk treatment plans.
- Execute user access recertification processes for standard and privileged accounts, including tracking completion and escalating issues as needed.
- Track and follow up on remediation efforts related to findings from client assessments, internal audits, penetration tests, and other security reviews.
- Perform other duties as assigned.
Qualifications/Position Requirements
- Familiarity with ISO 27001 framework, as well as NIST, SOC 2, or similar.
- Experience responding to client security questionnaires and conducting vendor risk assessments.
- Strong analytical, organizational, and time management skills with attention to detail.
- Proven ability to manage multiple priorities and projects simultaneously in a fast-paced environment while consistently meeting deadlines.
- Excellent verbal, written, and presentation skills, with the ability to communicate effectively with clients, leadership, and cross-functional teams.
- Strong interpersonal skills with ability to build relationships and interact with individuals at all organizational levels.
- Ability to work independently, exercise sound judgement, and take initiative while collaborating effectively across teams.
Education And/or Experience
- Bachelor’s degree required, preferably Business Systems, Information Systems.
- 3-5 years of experience in IT risk, compliance, audit, or information security.
- Previous experience in legal services preferred.