IT Risk Analyst

May 17

Dentons

Dentons is the world's largest law firm, delivering quality and value to clients around the globe.

10,000+

Description

• Conduct risk assessments of the company's IT systems, processes, and data; analyze the efficiency of existing security controls; and identify vulnerabilities and gaps in risk treatments.
• Respond to customer information security questionnaires and provide evidence of the company's security posture and compliance.
• Review the information security provisions of client and supplier agreements and ensure compliance with policies and regulations.
• Perform third-party supplier risk assessments and ensure that suppliers meet the company's security standards and contractual obligations.
• Develop and update security policies, procedures, and guidelines and ensure they align with the company's objectives, clients, and regulatory requirements.
• Provide security awareness and training to the company's staff and stakeholders.
• Monitor and report on the company's security performance and compliance status and recommend corrective actions and improvements.
• Maintain documentation of compliance activities, including policies, procedures, risk assessments, and audit reports.
• Assist with internal and external assessments and audits to ensure compliance with client requirements and industry-specific regulations such as GDPR, SOX, etc.
• Provide guidance and support to business practices on information security-related matters, including data classification, access control, etc.
• Research and stay updated on the latest laws and regulations, security trends, threats, and best practices.

Requirements

• At least two years of experience in an IT risk management, audit, or compliance-focused role in information security.
• Knowledge of security frameworks, standards, and regulations, such as ISO 27001, NIST, GDPR, SOX, etc.
• Knowledge of one or more risk management frameworks; knowledge of quantified risk management frameworks is preferred.
• Understanding of information security principles and practices, and proficiency in information security tools and techniques, with the ability to identify and mitigate security risks.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication and interpersonal skills, with the ability to convey complex information security and risk concepts to non-technical audiences.
• Ability to work independently and collaboratively in a challenging, fast-paced, and dynamic environment.
• Certifications such as CISSP, CISA, CRISC are a plus, but not required.

Benefits

• Generous paid sick time
• Annual day of service
