Risk and Compliance Analyst

Davis Polk and Wardwell LLP

$100K — $125K *
Legal & Accounting
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Familiarity with ISO 27001 and NIST frameworks.
  • Experience with client security questionnaires and vendor risk assessments.
  • Strong analytical and organizational skills with a detail-oriented focus.
  • Ability to manage multiple projects in a fast-paced environment.
  • Excellent communication skills for diverse audiences and teams.
  • Strong interpersonal skills for cross-level relationship building.
  • Ability to work independently while collaborating effectively.

Responsibilities

  • Maintain the Firm's Information Security Management System for ISO 27001 compliance.
  • Manage the client security assessment process, including documentation and coordination.
  • Support vendor risk assessments through reviewing security documentation.
  • Conduct internal IT risk assessments and document findings.
  • Coordinate disaster recovery testing and track associated action items.
  • Manage user access recertification processes and escalate issues as necessary.
  • Follow up on remediation efforts related to security assessments and audits.

Benefits

  • Comprehensive benefits package including health, dental, and retirement plans.
  • Opportunities for professional development and training.
  • Exposure to a supportive team environment and collaboration across departments.
  • Involvement in significant governance, risk, and compliance projects to enhance career growth.
Full Job Description
Position Summary

The Risk and Compliance Analyst will play a key role in supporting and executing the Firm's governance, risk and compliance (GRC) program. Reporting to the Compliance Manager, this role will independently manage components of the Firm's risk and compliance processes, including vendor risk management, client assessments, audit support, and policy governance. This position offers strong exposure to ISO 27001, client-facing security assessments, and enterprise risk management within a professional services environment.

Essential Duties and Responsibilities

Typical responsibilities include, but are not limited to, the following:
  • Support and help maintain the Firm's Information Security Management System (ISMS), including contributing to ISO 27001 compliance and annual recertification efforts.
  • Manage day-to-day execution of the Firm's client security assessment process, including gathering documentation, tracking questionnaires, and coordinating responses with internal teams.
  • Support third-party vendor risk assessments, including reviewing questionnaires, SOC reports, and supporting security documentation.
  • Assist in conducting internal IT risk assessments by gathering information from business and IT stakeholders to identify risks, document findings, and support development of risk treatment plans.
  • Support disaster recovery (DR) testing activities, including coordination, documentation, and tracking of results and action items.
  • Execute user access recertification processes for standard and privileged accounts, including tracking completion and escalating issues as needed.
  • Track and follow up on remediation efforts related to findings from client assessments, internal audits, penetration tests, and other security reviews.
  • Support the ongoing use of tools supporting vendor risk management and compliance processes.
  • Perform other duties as assigned.


Qualifications/Position Requirements
  • Familiarity with ISO 27001 framework, as well as NIST, SOC 2, or similar.
  • Experience responding to client security questionnaires and conducting vendor risk assessments.
  • Strong analytical, organizational, and time management skills with attention to detail.
  • Proven ability to manage multiple priorities and projects simultaneously in a fast-paced environment while consistently meeting deadlines.
  • Excellent verbal, written, and presentation skills, with the ability to communicate effectively with clients, leadership, and cross-functional teams.
  • Strong interpersonal skills with ability to build relationships and interact with individuals at all organizational levels.
  • Ability to work independently, exercise sound judgement, and take initiative while collaborating effectively across teams.


Education and/or Experience
  • Bachelor's degree required, preferably Business Systems, Information Systems.
  • 3-5 years of experience in IT risk, compliance, audit, or information security.
  • Previous experience in legal services preferred.


Compensation

The expected base salary for this position ranges from $100,000 - $125,000. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, anticipated assignment, and, where applicable, licensure or certifications obtained. Market and organizational factors are also considered. Davis Polk offers a competitive salary and comprehensive benefits package.

Similar Jobs

  • Nationwide Insurance
    Specialist Corporate Compliance
    $79K — $148K *
    Nationwide Insurance
    Wilkes Barre, PA 18702 (Luzerne County)
  • DLA Piper
    Conflicts Analyst
    $70K — $110K *
    DLA Piper
    Short Hills, NJ 07078 (Essex County)
  • DLA Piper
    Conflicts Analyst
    $70K — $110K *
    DLA Piper
    Reston, VA 20191 (Fairfax County)
  • DLA Piper
    Conflicts Analyst
    $70K — $110K *
    DLA Piper
    Boston, MA 02115 (Suffolk County)
  • DLA Piper
    Conflicts Analyst
    $70K — $110K *
    DLA Piper
    Wilmington, DE 19805 (New Castle County)
  • DLA Piper
    Conflicts Analyst
    $70K — $110K *
    DLA Piper
    Baltimore, MD 21215 (Baltimore City County)

More Jobs at Davis Polk and Wardwell LLP

More Legal & Accounting Jobs

Find similar Risk and Compliance Analyst jobs: