IT Risk and Compliance Analyst

Greenberg Traurig (GT), a global law firm with locations across the world in 15 countries, has an exciting employment opportunity for you. We offer competitive compensation and an excellent benefits package, along with the opportunity to work within an innovative and collaborative environment.

Join our Technology department​ as a IT Risk and Compliance Analyst located in our Warsaw Center of Excellence office (remote).

Position Summary:

The IT Risk and Compliance Analyst will take a lead in the ongoing design, development, and management of the firm's third-party risk management program.  The position will consist of developing, monitoring, and assessing risks regarding vendor and partner relationships.

Takes lead in the ongoing design, development, and management of the firms' Information Security Program. This position will consist of developing, monitoring, and enforcing information security practices and controls to ensure information and computing assets are kept secure from unauthorized access and inappropriate alteration.

Duties & Responsibilities:

• Complete vendor risk assessments submitted by clients and prospective clients (RFP).

• Respond to client Requests for Proposals (RFPs) and questionnaires related to security.

• Perform information security due diligence on third party vendors to determine the effectiveness of their controls to protect the firm's data, identify any discrepancies and provide recommendations to management.

• Assesses client needs against security concerns and resolves various risk issues.

• Develop, implement, assign, and monitor third party vendor assessments.

• Execute and document assessment activities following established processes and procedures.

• Perform third party reviews to assess vendor information security posture and practices.

• Keep abreast of regulatory and compliance related information to enhance the third-party due diligence program.

• Collaborate with team members to provide subject matter expertise with respect to the Firm's third-party risk management program and to create and update documents and presentations that can be used to inform internal employees, external auditors or internal auditors about the Firm's third-party risk management program.

• Contribute to the continuous improvement, including automation where possible, of all aspects of the third-party risk management program based on expert knowledge, industry best practices, business objectives and risk tolerance, keeping the program relevant and in alignment with the business objectives.

• Lead third party risk threat notification to third party vendors by assessing vendor risk, impact and response to third (e.g., assessing Log4Shell vendor impact and response communications)

• Track vendor mitigation progress of identified threats and risks

• Develop, implement, monitor KPI, KRI for third party risk management program.

• Develop and update third party risk management program policies, procedures, and best practices.

• Actively participate in outside Third-Party Risk Management communities.

• Work with the security team to develop, manage and maintain the Firm's Information Security Program, security awareness programs, insider threat programs, etc.

• Identify Information Security & Business Continuity risks to senior management & make recommendations for corrective actions/mitigation of risks.

• Works assess BCP/DR compliance status of third-party vendors and communicate their status/impact to the firm's BCP/DR team.

Skills & Competencies:

• Proficiency with standard information gathering tools (e.g., DDQ, SIG, etc.)

• Working knowledge of security exchanges (e.g. ProcessUnity, OneTrust, UpGuard, CyberGRX, Prevalent, Archer, LogicManager, etc.)

• Understanding information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices.

• Experience working with compliance issues dealing with sensitive data preferred.

• Demonstrate strong customer service skills to ensure a smooth data collection experience for both our customers and our internal business unit partners.

• Must be available outside normal working hours to participate in emergency events such as security incidents, breaches, investigations, etc.

• As a specialist on complex technical and business matters, work is highly independent. May assume a team leader role as needed.

• Demonstrate strong customer service skills to ensure a smooth evidence collection experience for both clients and vendors.

• Explain and articulate technical concepts to non-technical stakeholders and follow basic troubleshooting steps to work through issues.

• Strong interpersonal skills, capable of interacting at all levels of the organization from analyst level to C-suite.

• Demonstrate basic project management and documentation skills to manage multiple parallel work streams.

• Work well under pressure with tight deadlines to deliver superior service to our clients and stakeholders.

• Excellent written and verbal communication skills

• Proficiency with Microsoft Office suite

• Working knowledge of security exchanges (e.g. ProcessUnity, OneTrust, UpGuard, CyberGRX, Prevalent, Archer, LogicManager, etc.)

Qualifications & Prior Experience:

• Bachelor's degree in information technology, Information Systems, Information Security, Business Administration, or Risk Management (or equivalent experience) or 3+ years of work experience in relevant information risk position in lieu of degree.

• 1-3 years of experience in implementing and/or supporting IT risk management processes.

• 1-3 years of experience in responding to vendor IT risk assessments  

• Experience working with IT audits, findings, and tracking and remediating to resolution.

• Working knowledge of cloud technologies (any of these, Azure, AWS, Alibaba, GCP, IBM cloud) and software delivery models (SaaS, PaaS, IaaS).

• Industry certifications preferred (e.g. TPRA, CTPRP, CTPRA, CEH, CISA, CISM) or will obtain

• Proficiency with Windows-based software and Microsoft Office suite

• Working knowledge of A.I. fundamentals (e.g. AI-900 certification)

• Working knowledge of A.I. technologies (Gen AI), CoPilot, ChatGPT, etc.

Other

• Be a Polish citizen living in Poland or a foreign national living in Poland with the right to work in Poland without a work permit.