Compliance and Security Analyst

We're looking for a detail-oriented compliance and risk analyst to help us keep our clients' security needs in check and ensure our firm stays on top of its game. Here's what you'll be doing:Client Security SupportQuickly respond to security-related questions from clients and potential clients.Keep track of security questionnaires and follow up on any loose ends.Team up with various departments"”like legal, IT, and compliance"”to collect info, solve problems, and make sure we're meeting client expectations.External Security Audits (ISO27001, Software Audits, etc.)Help plan and take part in efforts to keep our ISO27001 certification current.Organize regular check-ins on our risk management practices.Pull together the evidence needed for external audits, whether for ISO or client requirements.Vendor OversightBuild and maintain a solid list of our key service providers to help us spot and manage risks.Work with different teams to keep vendor records up to date.Assess risks for high-priority vendors and coordinate fixes when issues pop up.Partner with our compliance crew to ensure vendor contracts are reviewed properly.Internal ComplianceCollaborate with IT, leadership, and other teams to create risk management policies, procedures, and training resources.Run periodic access reviews for IT systems and guide other departments on doing the same.Perform internal audits to confirm we're sticking to our own rules.Other StuffStay in the loop on industry standards and best practices.Propose updates to our policies and processes when you see room for improvement.Tackle additional projects as they come up.What You'll NeedA bachelor's degree or solid equivalent experience.At least 3 years of admin or project coordination experience, ideally in a law firm or similar setting.Sharp communication skills (written and spoken).A knack for spotting details and staying organized.A proactive attitude and ability to own your work.Quick learner when it comes to new tools and systems.Strong Excel chops.Bonus Points If You HaveExperience with IT security audits, risk assessments, or compliance.A track record of writing policies, procedures, or technical docs.Familiarity with ISO27001, infosec best practices, or operational risk management.Knowledge of vendor risk management (VRM) or governance, risk, and compliance (GRC) tools.Some exposure to generative AI tools.Sound like this aligns with your background? Lets talk!

Created: 2025-02-27