IT Risk and Compliance Analyst

We Do Consulting Differently

The IT Risk and Compliance Analyst position is a highly visible, client facing role which works closely with the Legal and Business Unit stakeholders and reports to the IT Risk and Compliance Manager. This role is responsible for providing assistance in evaluating, assessing, and monitoring the firm's risk and compliance with applicable information security standards and frameworks, industry best practices, and applicable laws and regulations. This role will also help coordinate and maintain the firm's Information Security Management Program and assistin implementing security policy objectives in ways that align with business and mission objectives.

Reporting Relationships:

• IT Risk and Compliance Manager

Key Contacts:

• Works closely with the Legal and Business Unit stakeholders.
• This role will work with the clients in response to security assessments and due diligence questionnaires covering a broad range of business disciplines and industries (i.e., Healthcare, Financial Services, Construction, Government Contracts, Insurance, Real Estate, et al).
• This role will work in conjunction with the IT Security and Infrastructure Team.

Major Responsibilities/ Job Functions:

• Provide IT security, risk, and compliance advice to business units on an ongoing basis.
• Analyze and address gaps in operations to ensure integrity of processes, controls, and policies.
• Assist in maintaining and updating Information Security Program policies and procedures as needed, also completing a yearly review to ensure all documentation is properly updated.
• Provide governance for participation in the information security incident response process by ensuring that the process is being followed and documented.
• Respond to escalated security events and drive the security incident response process.
• Participate in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments.
• Works with internal and external auditors to demonstrate and provide evidence for controls that are in place. May conduct additional testing to validate that items found during testing have been remediated.
• Responsible for completion of client security questionnaires and working with the business units to assist with RFI responses related to IT security.
• Assists in vendor vetting to ensure our vendors, business partners, or suppliers are using the same or higher security practices.
• Assists in conducting Risk Assessments and annual reviews for any new or current vendors, business partners, or suppliers.
• Assists with complex security assessments that require both analytical and technical skills across a broad range of Information Technology topics (e.g., Identity and Access Management, Security Architecture, Physical and Environmental, etc.).
• Assists with evaluating, testing, documenting, and maintaining the firmwide DR and BCP policies, processes, and standards.
• Assists with the Security Awareness Training program initiatives related to phishing campaigns and coordinate with HR to deliver ongoing employee training.

Requirements:

• Associate Degree or equivalent work experience
• 3 years of experience in two or more major information technology functions (infrastructure, operations, datacenter, application support, etc.)
• 3 years IT security, IT compliance, or IT risk management experience desired.
• 3 years of experience involving ISO27001 annual surveillance audits and full recertification audits.
• Familiarity with industry frameworks and standards such as SOC2, HIPAA, HITRUST is a plus.
• Familiarity with GDPR and CCPA.
• Familiarity using GRC tools.
• Knowledge of application and network security, information security risk and industry best practice (how to best manage risk).
• Experience with building, executing, and maintaining DR and BCP program.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Excellent written/verbal communication skills and time management skills.
• Strong troubleshooting, problem-solving and analytical skills.
• Position may require traveling for short periods. Trips will sometimes extend to 5 working days and could on rare occasions extend beyond 5 business days. All travel expenses will be reimbursed.

Salary Range: $90,000-$115,000

Candidate must be able to submit verification of his/her legal right to work in the U.S., without company sponsorship.

About BRG

BRG combines world-leading academic credentials with world-tested business expertise and purpose-built emerging technologies. Our culture centers on agility and connectivity which sets us apart and gets you ahead.

At BRG, our professionals include specialist consultants, industry experts, renowned academics, and leading-edge data scientists. Together, they bring a diversity of real-world experience, data, and human and artificial intelligence, to economics, disputes, and investigations; corporate finance; and performance improvement services that address the most complex challenges facing organizations across the globe.

Our unique structure nurtures the interdisciplinary relationships that give us the edge, laying the groundwork for more informed insights and more original, incisive thinking. When paired with our global reach and resources, our diverse perspectives and technical capabilities make us uniquely capable to address our clients' challenges. We get results because we know how to apply our thinking to your world.

At BRG, we don't just show you what's possible. We're built to help you make it happen.

BRG is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.