TECHNOLOGY RISK & COMPLIANCE ANALYST

Posted on 07 August 25 by Rebecca Owen


Job Description

INFORMATION SERVICES DEPARTMENT
The firm is seeking a Technology Risk & Compliance Analyst, reporting to the Technology Risk & Compliance Manager. The Technology Risk & Compliance Analyst will work with clients, external vendors and internal business units to support the firm’s risk management activities. Strong written and oral communication skills are essential, as are excellent attention to detail and organizational skills.

RESPONSIBILITIES include but are not limited to:

Client Security Assessment Support:

  • Respond promptly to inquiries from clients and prospective clients for security information
  • Track and coordinate the completion of security assessment questionnaires and open issues
  • Work with matter teams, GCO, IS and other departments to gather information, resolve issues and ensure that client compliance requirements are met

Firm External Security Assessment Support (ISO27001, financial software audit, others):

  • Schedule and participate in activities to maintain the firm’s ISO27001 certification
  • Coordinate periodic reviews of risk management policies and procedures
  • Gather evidence to support external ISO and client audits

Vendor Risk Management:

  • Create and maintain a robust inventory of the firm's key service providers to support the firm's efforts to ensure that risks associated with service providers are identified, evaluated and controlled
  • Work with business units to maintain up-to-date documentation of current vendor relationships
  • Conduct vendor risk assessments of high-risk vendors
  • Track and coordinate the resolution of vendor remediations
  • Work with GCO to ensure that contract reviews are performed according to best practices

Firm Internal Compliance Reviews:

  • Work with IS management, firm management and business units across the firm to develop risk management policies, procedures and training materials
  • Conduct periodic access reviews for IS; train and support other departments in conducting access reviews and other risk mitigation measures required by policy
  • Conduct internal reviews to ensure ongoing compliance with firm policies

General:

  • Keep up with current standards and best practices in the industry
  • Suggest and draft improvements to firm policies, procedures and controls
  • Other related duties and projects as assigned

REQUIREMENTS:

  • Bachelor’s degree or relevant professional experience
  • Three or more years of administrative support and/or project coordination experience in a law firm or similar environment
  • Strong written and oral communication skills
  • Excellent attention to detail and organizational skills
  • Demonstrated ability to take ownership of tasks
  • Demonstrated ability to learn new software and processes
  • Strong Excel skills

PREFERRED QUALIFICATIONS:

  • Experience with IT security auditing, security risk assessments, or IT compliance
  • Experience writing policies, procedures and/or technical documentation
  • Exposure to or knowledge of ISO27001 and related standards, information security best practices and operational risk management best practices
  • Familiarity with VRM or GRC tools
  • Familiarity with generative AI tools

Job Information

Our Reference

JOB-20143
