Greenberg Traurig

IT Risk and Compliance Analyst

Greenberg Traurig | $70K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in IT, Information Security, or related field, or equivalent experience
  • 1-3 years of IT risk management experience
  • 1-3 years responding to vendor IT risk assessments
  • Experience with IT audits and remediation
  • Knowledge of cloud technologies like Azure or AWS
  • Industry certifications like CISA or CISM preferred
  • Familiarity with risk management tools such as ProcessUnity or OneTrust

Responsibilities

  • Lead the development of the third-party risk management program
  • Complete vendor risk assessments for clients and prospective clients
  • Respond to security-related RFPs and questionnaires
  • Perform due diligence on third-party vendors to evaluate data protection controls
  • Develop and monitor key performance indicators for the risk management program
  • Track vendor progress on mitigation of identified risks
  • Collaborate with the security team to enhance the Firm's Information Security Program

Benefits

  • Hybrid work arrangement
  • Opportunity for professional development and training
  • Participation in Third-Party Risk Management communities
  • Engagement with cross-team collaboration opportunities
  • Support for obtaining relevant industry certifications

Full Job Description

Join our Technology Team as an IT Risk and Compliance Analyst located in our Miramar office.

We are seeking a professional who thrives in a fast-paced, deadline-driven environment. The ideal candidate possesses strong problem-solving and decision-making abilities, ensuring efficiency and accuracy in every task. With a dedicated work ethic and a can-do attitude, you will take initiative and approach challenges with confidence and resilience. Excellent communication skills are essential for collaborating effectively across teams and delivering exceptional client service. If you are someone who demonstrates initiative, adaptability, and innovation, we invite you to join our team.

This role will be based in our Miramar office on a hybrid basis. This role reports to the Technology Security Manager.

Position Summary

The IT Risk and Compliance Analyst will take a lead in the ongoing design, development, and management of the firm’s third-party risk management program. The position will consist of developing, monitoring, and assessing risks regarding vendor and partner relationships.

Key Responsibilities

  • Completes vendor risk assessments submitted by clients and prospective clients (RFP)

  • Responds to client Requests for Proposals (RFPs) and questionnaires related to security

  • Performs information security due diligence on third party vendors to determine the effectiveness of their controls to protect the firm’s data, identify any discrepancies and provide recommendations to management

  • Assesses client needs against security concerns and resolves various risk issues

  • Develops, implements, assigns, and monitors third party vendor assessments

  • Executes and documents assessment activities following established processes and procedures

  • Performs third party reviews to assess vendor information security posture and practices

  • Keeps abreast of regulatory and compliance related information to enhance the third-party due diligence program

  • Collaborates with team members to provide subject matter expertise with respect to the Firm’s third-party risk management program and to create and update documents and presentations that can be used to inform internal employees, external auditors, or internal auditors about the Firm’s third-party risk management program

  • Contributes to the continuous improvement, including automation where possible, of all aspects of the third-party risk management program based on expert knowledge, industry best practices, business objectives, and risk tolerance, keeping the program relevant and in alignment with the business objectives

  • Leads third party risk threat notification to third party vendors by assessing vendor risk, impact, and response to third (e.g., assessing Log4Shell vendor impact and response communications)

  • Tracks vendor mitigation progress of identified threats and risks

  • Develops, implements, and monitors KPIs and KRIs for the third-party risk management program

  • Develops and updates third party risk management program policies, procedures, and best practices

  • Actively participates in outside Third-Party Risk Management communities

  • Works with the security team to develop, manage, and maintain the Firm’s Information Security Program, security awareness programs, insider threat programs, etc.

  • Identifies Information Security and Business Continuity risks to senior management and makes recommendations for corrective actions/mitigation of risks

  • Works to assess the BCP/DR compliance status of third-party vendors and communicates their status/impact to the firm’s BCP/DR team

  • Performs other related duties as required and assigned

Qualifications

Skills & Competencies

  • Understanding information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices

  • Experience working with compliance issues dealing with sensitive data preferred

  • Strong analytical and problem-solving capabilities, with the ability to identify and resolve issues independently and effectively while exercising sound judgment

  • Strong interpersonal, written, and verbal communication skills, with the ability to interact effectively at all levels of the organization from analyst level to C-suite

  • Explain and articulate technical concepts to non-technical stakeholders and follow basic troubleshooting steps to work through issues

  • Demonstrate basic project management and documentation skills to manage multiple parallel work streams

  • Ability to multitask and perform effectively under pressure, completing assignments with short lead times and tight deadlines while delivering superior service to clients and stakeholders

  • As a specialist on complex technical and business matters, work is highly independent. May assume a team leader role as needed

  • Proficiency with Microsoft Office suite

  • Recognizes confidential, sensitive, and proprietary information and maintains such information as confidential

  • Must be available outside normal working hours to participate in emergency events such as security incidents, breaches, investigations, etc.

Education & Prior Experience

  • Bachelor’s degree in Information Technology, Information Systems, Information Security, Business Administration, or Risk Management (or equivalent experience) or 3+ years of work experience in a relevant information risk position in lieu of degree

  • 1-3 years of experience in implementing and/or supporting IT risk management processes

  • 1-3 years of experience in responding to vendor IT risk assessments

  • Experience working with IT audits, findings, and tracking and remediating to resolution

  • Working knowledge of cloud technologies (any of these: Azure, AWS, Alibaba, GCP, IBM Cloud) and software delivery models (SaaS, PaaS, IaaS)

  • Industry certifications preferred (e.g., TPRA, CTPRP, CTPRA, CEH, CISA, CISM); candidates who do not already hold these certifications will be expected to work toward obtaining relevant certifications during their employment

  • Working knowledge of security exchanges (e.g., ProcessUnity, OneTrust, UpGuard, CyberGRX, Prevalent, Archer, LogicManager, etc.)

  • Proficiency with standard information gathering tools (e.g., DDQ, SIG, etc.)

  • Proficiency with Windows-based software and Microsoft Office suite

  • Working knowledge of A.I. & Cloud fundamentals (e.g., AI-900 certification)

  • Working knowledge of A.I. technologies (Gen AI), CoPilot, ChatGPT, etc.

About Greenberg Traurig

Greenberg Traurig is a global law firm with approximately 2200 attorneys and governmental affairs professionals in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East. The firm was founded in Miami, Florida in 1967 by Larry J. Hoffman, Mel Greenberg and Robert H. Traurig. The firm has a broad range of practice areas, including corporate and securities, real estate, litigation, and tax. Greenberg Traurig is known for its work in the entertainment industry, and has represented clients such as Lady Gaga, Justin Timberlake, and Madonna. The firm has also been involved in high-profile cases, such as the defense of former Enron CEO Jeffrey Skilling.