Risk & Compliance Analyst
Aires · Pittsburgh, PA · 2 wk ago
LegalFull-time
Position Responsibilities
- Review, maintain, and improve third party risk management program
- Evaluate new and existing vendors against established risk criteria
- Aid in the maintenance of standards and documentation
- Review and recommend changes to policy and procedure
- Gather input from team members; draft and submit responses to risk assessment questionnaires and Requests for Proposals (RFPs)
- Support in the review of client contracts and track internal contract requirements
- Assess potential privacy incidents and process Data Subject Access Requests (DSARs)
- Cook collection and organization of evidence for internal and external audits (SOC2, ISO 27001, ISO 27701, ISO 42001)
- Aid in the review and improvement of GRC’s privacy and compliance initiatives
Required Qualifications
- A high school diploma/GED is required; a bachelor’s degree is preferred
- 0-2 years of experience supporting documentation, process improvement, or related analytical activities is preferred
- Strong attention to detail, organizational skills, and a willingness to learn are essential
- Understanding of fundamental privacy, security, and IT concepts (access controls, data retention, data privacy) is required
Additional Qualifications
- Curiosity, energy, and a solutions-first attitude are desirable
- Computer literacy with MS Office products, and ability to grasp proprietary software is required
- Demonstrated ability to manage multiple competing tasks is essential
- The ability to follow policies and procedures is crucial
- Thrives in a fast-paced environment is important
- A genuine desire to help others is valued
- A team-oriented mindset, with a strong sense of care and urgency is appreciated
- A desire to embrace our core values: Client Focus, Results, Responsibility & Accountability, Collaboration and Innovation is desired