Security Auditor Jobs

Cyber Risk Manager | Law Firm | Hybrid | $150k+

Are you looking to join an international firm with a prestigious reputation?

Are you excited to take on the full autonomy and ownership of third party risk management?

Are you looking to have a real voice in your position?

Our client is a law firm looking for someone looking to build out their security controls with third party risk management requests.

Your Day to Day

• Assist the with the development, implementation and management of the governance and risk strategic plan and roadmap, including evolving the reporting structure and frequency to InfoSec stakeholders;
• Serve as a key contributor in identifying, managing and communicating governance and risk across InfoSec policy domains, providing expertise to prioritize and manage risk, while facilitating the adoption in conjunction with the Controls Manager of IT Risk policies, standards and guidelines across the enterprise;
• Works with the Controls Manager and other stakeholders to identify, validate and document deficiencies in ITRM governance, processes and risk management practices, propose remediations, and enforce cross functional POAM initiatives and status reporting requirements in accordance with prioritization requirements;
• In conjunction with the Controls and TPRM Managers, evolve, develop and manage the development, maintenance and evaluation of organizational InfoSec governance and risk procedures, processes and guidelines in accordance with Firm and Client requirements;
• Manage the Cyber risk and issue registers and remediations; track IT risk registers and perform risk(s) to policy domain to control(s) mapping to provide prioritization and transparency into control and policy domains requiring remediation;
• Assist InfoSec’s TPRM and Client InfoSec Assessments, including assessment activities (completion and quality control reviews) and support reporting efforts to InfoSec leadership and stakeholders; Evolve risk methodologies, as well as conduct and support risk assessments to support InfoSec the identification of risk across policy domains, identify opportunities for control enhancement and risk mitigation; Facilitate the definition and maintenance of InfoSec governance and risk measures and metrics; and Handle additional related projects as assigned.

Benefits:

• Immediate impact on technical trajectory
• Opportunities for learning professional development
• Wide breadth of technical exposure
• Project ownership/autonomy
• Comprehensive Benefits package