Security Governance, Risk, Compliance Analyst

Description

The Security Governance, Risk, Compliance (GRC) Analyst will be responsible for supporting the daily activities of the GRC function within A&M’s Global Security Office. This role will be focused in supporting client questionnaires and audit requests, performance of third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk. The GRC Analyst requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm. The GRC Analyst will support cybersecurity related initiatives as required.

Responsibilities:

• Respond to client security questionnaires, RFP/RFI’s, and audit requests. Coordinate responses by working with internal stakeholders across disciplines. Maintain database of knowledge.
• Respond to and maintain the GRC service queue for tickets escalated to the team in coordination with the relevant stakeholders.
• Execute the firm’s Heightened Security Process which entails working with business stakeholders globally to ensure appropriate security measures are in place at the engagement level.
• Support activities pertaining to risk management; execution of the risk strategy inclusive of identification, tracking, and participation within treatment activities.
• Participate and execute governance activities including metrics gathering and reporting, and the performance of recurring internal assessment activities.
• Perform third-party security vendor diligence. Laisse with business and external stakeholders to perform assessments and identify risk, whilst maintaining monitoring activities of existing vendors.

Qualifications:

• Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.
• Strong experience responding to client/customer security inquires.
• Strong analytical thinking, written, and oral communication skills.
• Couple of years experience in security governance, risk, and compliance or related.
• Working knowledge of common audit and compliance tools. Experience with a GRC tool is a plus.
• Demonstrable knowledge in the assessment of third-party suppliers.
• Ability to drive responsibilities independently, while serving as a valued team member in the greater context.
• Broad and solid understanding of cyber security concepts and risks.

Desired Education:

• Bachelor’s degree – preferably in Information Security, Computer Science or related area.
• Industry recognized certification in security (e.g., CISSP, CISA, CISM, CRISC, ISO27001).

The annual base salary range is $80,000 - $100,000, commensurate with experience. In addition, A&M offers a discretionary bonus program which is based on a number of factors, including individual and firm performance. Please ask your recruiter for details.

Diversity & Inclusion

A&M’s entrepreneurial culture celebrates independent thinkers and doers who can positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M’s core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are the main reasons our people love working at A&M. Inclusive Diversity means we embrace diversity, and we foster inclusiveness, encouraging everyone to bring their whole self to work each day. It runs through how we recruit, develop employees, conduct business, support clients, and partner with vendors. It is the A&M way.

Voluntary Inclusion

It is Alvarez & Marsal’s practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, sex, sexual orientation, gender identity, family medical history or genetic information, political affiliation, military service, pregnancy, marital status, family status, religion, national origin, age or disability or any other non-merit based factor or any other characteristics in accordance with all applicable laws and regulations.

Unsolicited Resumes from Third-Party Recruiters

Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening and in alignment with our Inclusive Diversity values. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.