Risk Compliance Analyst Jobs in New York

TECHNOLOGY RISK & COMPLIANCE ANALYST

Information Services Department

Debevoise & Plimpton LLP is a premier law firm with market-leading practices, a global perspective and strong New York roots. Our clients look to us to bring a distinctively high degree of quality, intensity and creativity to resolve legal challenges effectively and cost efficiently. We believe in hiring talented, dedicated and highly motivated individuals as members of our administrative community. We draw on the strength of our culture and structure to deliver the best of our firm to our lawyers and clients through true collaboration.

The firm is seeking a Technology Risk & Compliance Analyst, reporting to the Technology Risk & Compliance Manager. The Technology Risk & Compliance Analyst will work with clients, external vendors and internal business units to support the firm’s risk management activities. Strong written and oral communication skills are essential, as are excellent attention to detail and organizational skills.

RESPONSIBILITIES include but are not limited to:

Client Security Assessment Support:

• Respond promptly to inquiries from clients and prospective clients for security information
• Track and coordinate the completion of security assessment questionnaires and open issues
• Work with matter teams, GCO, IS and other departments to gather information and resolve issues and ensure that client compliance requirements are met

Firm External Security Assessment Support (ISO27001, financial software audit, others):

• Schedule and participate in activities to maintain the firm’s ISO27001 certification
• Coordinate periodic reviews of risk management policies and procedures
• Gather evidence to support external ISO and client audits

Vendor Risk Management:

• Create and maintain robust inventory of key firm services providers to support the firm's efforts to ensure that risks associated with service providers are identified, evaluated and controlled
• Work with business units to maintain up-to-date documentation of current vendor relationships
• Conduct vendor risk assessments of high-risk vendors
• Track and coordinate the resolution of vendor remediations
• Work with GCO to ensure that contract reviews are performed according to best practices

Firm Internal Compliance Reviews:

• Work with IS management, firm management and business units across the firm to develop risk management policies, procedures and training materials
• Conduct periodic access reviews for IS; train and support other departments in conducting access reviews and other risk mitigation measures required by policy
• Conduct internal reviews to ensure ongoing compliance with firm policies

General:

• Keep up with current standards and best practices in the industry
• Suggest and draft improvements to firm policies, procedures and controls
• Other related duties and projects as assigned

REQUIREMENTS:

• Bachelor’s degree or relevant professional experience
• Three or more years of administrative support and/or project coordination experience in law firm or similar environment
• Strong written and oral communication skills
• Excellent attention to detail and organizational skills
• Demonstrated ability to take ownership of tasks
• Demonstrated ability to learn new software and processes
• Strong Excel skills

PREFERRED QUALIFICATIONS:

• Experience with IT security auditing, security risk assessments, or IT compliance
• Experience writing policies, procedures and/or technical documentation
• Exposure to/knowledge of ISO27001 and related standards and information security best practices, operational risk management best practices
• Familiarity with VRM or GRC tools
• Familiarity with generative AI tools

TO APPLY:

A resume is required to apply for this position. Please tell us your salary requirements and where you saw this position posted. Send required materials to:

Human Resources

jferrigno@debevoise.com

TTY only: 212.909.7388

Debevoise & Plimpton LLP is an equal opportunity employer. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or any other legally protected category in accordance with U.S. law.